Cyber attacks are increasing, with no sign of slowing down. As companies grow, they must be prepared to identify threats and vulnerabilities in order to secure their data and assets. This process is known as due diligence. In a cybersecurity context, it means thoroughly researching and evaluating third-party vendors, partners and acquisitions, and ensuring that they meet the organization's security standards.

In general, due diligence refers to exercising the level of care that a prudent person or business would be expected to exercise in similar circumstances. In cybersecurity, it is a company's ongoing effort to maintain its security posture and prevent data breaches. This involves defining security policies, implementing security measures and continuously monitoring residual risk. It is also essential to keep up to date with the applicable legal, regulatory and industry standards, such as HIPAA, GDPR and ISO 27001.

Due diligence also requires that companies understand and reduce the risks posed by third parties in their supply chain. This can be achieved through a vendor risk management program that includes assessment and ongoing monitoring of the risks posed by third parties. It is crucial to set clear expectations with vendors so that they comply with the organization's policies and standards.

Furthermore, it is essential to monitor the dark internet, a set of closed online communities that cybercriminals use to trade stolen data and attack techniques. Monitoring the dark internet can help organizations improve their incident response plans and increase their resilience to cyber attacks.