Evolving Third-Party Risk Management in Cybersecurity
Severity: Medium (Score: 51.9)
Sources: Recordedfuture
Summary
Recorded Future emphasizes the need for a shift from traditional ratings-only vendor risk management to a more integrated intelligence approach. The cybersecurity landscape has changed, with enterprises now collaborating with numerous third parties, making them attractive targets for threat actors. Ransomware groups exploit vulnerabilities in these vendors, often before the vendors are aware of the breaches. The Forrester Wave™ recognition of Recorded Future in 2026 reflects this market evolution, highlighting the necessity for actionable insights beyond mere security ratings. Current vendor assessments fail to capture active threats or dark web activities related to vendor security. As a result, organizations remain reactive to breaches rather than proactive in their defenses. The article calls for a comprehensive strategy that combines hygiene data with threat intelligence to better secure third-party ecosystems.

Key Points:
- The era of ratings-only vendor risk management is over.
- Threat actors target third-party vendors as pathways to larger enterprises.
- Cyber risk ratings must evolve to include actionable intelligence and insights.
Key Entities
- Malware (attack_type)