Organizations that work with multiple vendors, partners and suppliers are provided with a range of benefits. However, the threat landscape then expands because each vendor, partner or supplier respectively may have different security practices and may be vulnerable to different types of attacks. As a result, an organization's risk exposure can increase when it works with multiple third-party entities.
For example, if one of the organization's vendors is compromised by a cyberattack, the attacker gains access to sensitive information and systems of the organization, as well. Furthermore, if one vendor has access to another vendor's systems, a compromise of the first vendor's systems potentially leads to a compromise of the second vendor's and, subsequently, the organization's systems.
It’s important for organizations to have a comprehensive vendor risk management program in place to assess and mitigate risks associated with working with multiple vendors, partners and suppliers. One such solution is ServiceNow Vendor Risk Management, which helps organizations continuously monitor critical vendors so businesses can evaluate, mitigate and remediate risks.
Still, ServiceNow VRM customers needed a way to streamline their third-party cyber risk program. Enter an integration with CyberGRX, a provider of third-party cyber risk data exchange. CyberGRX provides third-party threat intelligence, predictive risk insights, outside-in scanning and scoring and a portfolio-wide view of security gaps.
Through the integration, ServiceNow VRM customers now have access to CyberGRX’s extensive third-party risk data. This enables them to prioritize risk actions and maintain constant visibility on emerging third-party threats.
The CyberGRX ServiceNow integration leverages the CyberGRX API to enable customers to create or link vendors to over 200,000 companies in the CyberGRX Exchange. Customers can complete eight impact questions to identify the inherent risk(s) posed by each vendor, including the probability of targeted attacks and potential harm to the business.
Customers can also request assessments on vendors, view assessment statuses, and review attested results including assessment scores, findings and the report PDF.
“More than 80% of the top 500 companies requested by customers are already on the Exchange. Coupling this data with advanced machine learning capabilities, we empower organizations to view, analyze and share cyber risk data like never before,” said Fred Kneip, CEO at CyberGRX. “By partnering with other leaders in the risk management space, such as ServiceNow, we are able to work together to develop revolutionary risk-reducing capabilities and programs.”
When it comes to cybersecurity, organizations need data they can trust. The integration allows those organizations to make decisions, manage risks and meet compliance with trusted data and insights to save money, time and resources.
Edited by
Alex Passett
