
Third-Party Cybersecurity Risks

Ha Bui
Reading time: 2 min

As enterprises accelerate digital transformation, a growing share of cybersecurity risk stems not from internal systems but from partners, vendors, and third-party providers. Experts warn that fragmented supply chains, cloud adoption gaps, and AI-driven threats are creating dangerous blind spots. 

Kavitha Mariappan, Chief Technology and Experience Officer (CTxO) at Rubrik, told iTNews Asia that many organizations lack visibility into their third-party ecosystems, leaving inconsistent access controls and weak vendor security hygiene unchecked. Too often, risk management is reduced to annual compliance surveys rather than continuous monitoring. 

Cloud migration has compounded the challenge. Many companies wrongly assume security responsibilities lie solely with providers. In reality, shared responsibility models mean enterprises must secure configurations, access controls, and data - particularly when third parties are involved. 

The rise of generative AI (GenAI) further intensifies the risk. Threat actors are using AI to create highly targeted phishing campaigns, impersonate executives, and exploit vendor service desks. Even benign AI adoption can inadvertently expose confidential data if tools store or re-use proprietary information for training purposes. 

To strengthen resilience, Mariappan highlighted several priorities: 

  • Vendor ecosystem mapping: cataloguing vendors, including “fourth-party” dependencies, using Software Bills of Materials (SBOMs). 
  • Continuous verification: shifting from trust-by-default to ongoing access validation and telemetry-based anomaly detection. 
  • Threat modeling and risk scoring: simulating attack paths through third-party environments and updating risk profiles dynamically. 
  • Resilient recovery: maintaining immutable, air-gapped backups, third-party-inclusive incident playbooks, and Zero Trust enforcement across extended supply chains. 

Looking forward, Mariappan pointed to Agentic AI as a frontier technology that could both accelerate incident response and introduce new risks if not governed effectively. 

“Identifying weak links is no longer enough,” she said. “We need to model how attacks might spread through supply chains and respond before damage is done.” 

 

Source: https://www.itnews.asia/news/are-third-party-blind-spots-the-weakest-link-in-enterprise-cybersecurity-chain-620196


About The Author

Ha Bui


CEO & Founder, Eastgate Software

Ha Bui is the CEO and Founder of Eastgate Software. Since 2014, he has led the company's 12+ year engineering partnerships with Siemens Mobility and Yunex Traffic, building a 200+ engineer organization that delivers mission-critical ITS, FinTech, and enterprise software to German engineering standards.
