THREATOPS
THREAT OPSThreat News › Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.

Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.

lowrecordedfuturePublished 2026-04-09

<p>For years, the cybersecurity industry has treated third-party risk management as a compliance exercise. Assess your vendors. Assign a score. File the report. Move on. That model was built for a different era. One where supply chains were smaller, threat actors were less sophisticated, and a quarterly questionnaire could reasonably approximate a vendor's security posture. That era is over.</p>

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.recordedfuture.com/blog/recorded-future-sees-its-inclusion-in-the-2026-forrester-wave