Abacode targets firms’ ecosystem-wide cyber threat

More than 60% of ransomware attacks originate in a company’s third-party partner. When working in an ecosystem, enterprises must eliminate vulnerabilities in their organization and seek to identify and remove vulnerabilities in their partners and suppliers. Hackers will target smaller, less-security-focused companies, then work their way into larger enterprises. For example, they could mirror an email and disrupt network traffic to reach a larger primary target.

Most enterprises have little visibility into the risk from third parties until it’s too late. To counter the threat, HFS Hot Vendor Abacode (Q3 2022) has a new patent pending approach that provides enterprises with rapid visibility into risks within their third-party ecosystem and the opportunity to work with the third party to mitigate them.

Staying on top of risk can be time and labor intensive

To stay on top of risk, enterprises must continuously collect data from many sources. Most third-party monitoring programs have three components:

• Direct inquiry via questionnaires, due diligence, or right to audit—which can be time consuming and hard to scale. In addition, these are often not reviewed or kept current.
• Threat intelligence-based risk scoring can result in many false positives, but it is easy to scale.
• Examination of a third party’s certifications and attestations reports, such as their SOC2 report, is also time-consuming and hard to scale.

Abacode offers a scalable platform 24×7 as a service

Abacode has built a scalable, platform-based service meeting the purpose of all three components of a robust third-party monitoring program. However, it delivers it as a platform-based service that allows the customer to focus on decision making instead of data collection and analysis. Abacode’s platform applies patent-pending AI-powered technology to analyze all the resulting data and provides an actionable risk score across the entire third-party ecosystem.

The intent is to improve time-to-action by rapidly sifting real-time data to provide a simple risk score that alerts the enterprise to act. Abacode can then help third parties resolve their issues if required.

Abacode is part of a next-generation cybersecurity category of managed cybersecurity and compliance providers (MCCPs), which consolidate cybersecurity risks and regulatory compliance under one roof, helping customers quickly achieve high visibility of cyber and compliance risk.

No guarantees—but effort can be targeted where the platform points

Abacode admits it cannot guarantee 100% success in locking out cybercriminals. But, for example, if a customer has 100,000 partners in its enterprise ecosystem, Abacode will get to know the riskiest 5% to pay the closest attention to, providing a defensible approach for focusing limited resources on deeper audits and inspection.

The platform is built and will be ready for rollout in a matter of months. The program is currently in pilot mode with various strategic customers to ensure all details are considered. Abacode is also collaborating with several law firms to tackle some of the contractual complexities that will need to be overcome to clarify the shared responsibility model between prime, third party, and Abacode.

The Bottom Line: The security and compliance community will need evidence that Abacode can benefit all parties in the ecosystem.

Delivering alerts to support ecosystem-wide security and compliance enhancement is a laudable ambition, but, in this case, it requires all parties to work together to solve a significant issue. All parties will demand evidence they can trust the data gathered, Abacode’s scoring methodology, and the accurate and fair functioning of the dashboard they generate. HFS understands Abacode is preparing to provide such evidence in a white paper. The real proof will come when the results of the first pilots are in. HFS looks forward to interviewing customers about their experience before the year ends.