Reducing cyber risk that stems from third and fourth party vendors is no easy task. It requires that organizations not only have the ability to continuously monitor and identify new risk, but also the ability to work with their vendors to fix security issues quickly. Getting to risk reduction quickly means that both organizations are communicating effectively, using data and evidence rather than conjecture to make progress.
Article Link: https://www.bitsighttech.com/blog/making-vendor-risk-collaborative-not-combative