Five Ways SecurityScorecard and Coupa Can Help Protect Procurement from Technology Risks

Today's post is written by guest author Alex Rich, Vice President of Alliances at SecurityScorecard. Alex has been with SecurityScorecard for over four years, having previously held roles in Customer Success and Inside Sales. SecurityScorecard is a CoupaLink technology partner that helps organizations reduce risk exposure and get control over vendor risk.

Costs associated with data breaches are on the rise. IBM estimates that they reached their highest level in 17 years in 2021, averaging $4.24 million on average, compared to $3.86 million in 2020. Specific areas are also seeing intense growth. In the first quarter of 2021 alone, supply chain attacks rose by 42%, far outpacing the general 12% increase in data compromises.

Supply chain issues are likely to persist into 2022 — and possibly beyond — so companies need to develop and deploy vendor management and procurement processes that reduce risk without sacrificing performance. What does this look like in practice? Let's take a look at five ways SecurityScorecard's embedded app for the Coupa Business Spend Management (BSM) platform can help.

1. Understand today’s cyber risk big picture

SecurityScorecard is the market-leading provider of cyber risk ratings. These ratings function in much the same way as credit ratings, except that instead of evaluating financial health, SecurityScorecard evaluates and reports the overall cyber risk of vendors by evaluating and examining publicly available data.

With this approach, procurement teams can quickly access key security data on any potential organization or vendor — simply open the SecurityScorecard app for Coupa and search for the company you're considering. If nothing comes up, teams can make a self-service request for an evaluation, which typically takes around five minutes to complete. Simply request, wait, refresh the app, and see how the organization’s security stacks up.

An example of a SecurityScorecard vendor dashboard

2. Evaluate your cyber security risks efficiently

By using SecurityScorecard, you can more easily understand the risks associated with partnering with specific vendors or providers without having to conduct an in-depth and costly analysis on your own. 

By measuring the overall cyber hygiene of an organization on a scale of 1 to 100, SecurityScorecard provides a starting point for risk evaluation. Given that poor cyber hygiene is connected to higher overall risk, this initial evaluation makes it possible for companies to rule out specific vendors before putting substantive effort into procurement negotiations, helping to save both time and money.

3. Dig into the details of your cyber security risk

SecurityScorecard also lets organizations dig into the details and discover exactly where potential vendors excel and where they may come up short. Using an outside-in methodology that leverages public data, the SecurityScorecard app for Coupa offers insight across 10 key factors, all measured on a scale of 1 to 100, including:

Armed with this in-depth information, businesses are better positioned to make decisions about procurement vendors in real-time. This is especially critical as supply chains broaden in response to pandemic pressures and evolving demand. In addition to third-party risks, procurement teams must now consider fourth, fifth, and even sixth party operations as part of interconnected operational networks.

4. Develop a reliable and repeatable framework

When it comes to evaluating third-party suppliers and vendors, it's critical for companies to develop a reliable and repeatable framework that delivers consistent results. This includes criteria that determine if third parties are worth the investment, require more analysis, or are out of the running entirely. By providing a key metric for security success, SecurityScorecard ratings help set the stage for this process. Providers with high overall scores are more likely to have robust risk reduction and breach management processes in place, while those with lower scores may put company data at risk.

This approach also allows procurement teams to outsource security evaluation to the experts. Rather than building an assessment process from the ground up — and then repeating it for every new potential vendor — SecurityScorecard provides a tool to quickly evaluate what companies are doing to keep their data safe from would-be criminals. 

SecurityScorecard helps evaluate the external-facing aspects of business cybersecurity. Coupa customers can easily understand and measure the cybersecurity posture of any organization. Are your vendors staying up to date with new patches? Have they deployed new tools such as next-generation firewalls to defend their data? Have they experienced recent data breaches or account compromises?

5. Utilize dynamic results for risk evaluation

Static security assessments cannot keep pace with the dynamic nature of technology risks. Take the rise of connected devices as an example. From smartphones to printers to light switches and temperature controls, always-on and always-connected devices are now commonplace. However, this expanding digital/physical network also presents a greater attack surface. 

And this isn't just theoretical — in 2017, a casino network was compromised² when attackers infiltrated hotel fish tank temperature controls to gain a network foothold and then exfiltrate data about high-profile casino patrons. By continuously scanning and monitoring security frameworks, SecurityScorecard offers the peace of mind that comes with dynamic information, and Coupa customers never need to worry that they're behind the curve. 

Sources:

¹ Coupa & SecurityScorecard, 2022

² "A Casino Gets Hacked Through a Fish-Tank Thermometer," Gene Marks, Entrepreneur, 11 Jun 2021.