The large enterprise must use contracts with third-party vendors and service providers that require audits of their security. "The large organization has to require the audits and make sure they do them," says Rosen.
For large enterprise CISOs, hearing that their MSP/third-party vendor family is the security vulnerability that won't go away is like receiving a cold slap in the face at four in the morning. But just as they deal with every other threat, they must gather their resolve, acquire and target resources, determine how to live with second-hand vulnerabilities, and try to get a good night's sleep.
Feel free to leave the night light on.