The 10 Most Important Things A Company Needs In Its Risk Management Plan
Identify Entire Supplier Base
Third parties are an extension of any organization's supply chain, and organizations need to take an approach that's adaptable, continuous and scalable across a rapidly growing set of business partners, according to BitSight's Turner.
Businesses should begin by identifying the entire supplier base that they feel is part of their risk surface area, Turner said, and then tier the suppliers and third parties that they care about by importance. The tiering process should consider the nature of the business relationship, the connection between the third party and the network, and how much information is shared between parties, Turner said.
Turner said that, in the past, organizations would typically think about which vendors they were spending the most money with when attempting to determine their most important third parties. But newer technologies have made it possible to put together a more holistic risk profile that truly encapsulates the third parties that are most important from a monitoring and collaboration standpoint, Turner said.