Cyber attacks continue to rise, and there is no sign of them slowing down. As a business grows it must assess the risks and vulnerabilities affecting its data and assets and act on what it finds. In cybersecurity this is part of due diligence: researching and evaluating third-party partners, vendors and acquisition targets, and confirming that they meet the organization's security standards both before the relationship begins and for as long as it lasts.

In general, due diligence means exercising the level of care that a prudent individual or business would be expected to exercise in similar circumstances. In cybersecurity it is the business's ongoing effort to maintain its security posture and prevent data breaches. This includes documenting security policies, implementing the controls those policies call for, and regularly reassessing the residual risk that remains after the controls are in place. It also means knowing which legal requirements and industry standards apply, such as GDPR, HIPAA and ISO 27001, and checking that the company's practices actually conform to them rather than assuming they do.

Due diligence also requires that a company understand and reduce the risk introduced by third parties in its supply chain. This can be done through a vendor management program that assesses each vendor before onboarding and then monitors its risk on an ongoing basis, since a vendor's security posture can change after the initial review. Contracts and onboarding requirements should set clear security expectations so that vendors are held to the same rules and regulations the company itself must follow.

It is also important to be aware of the dark web: sites reachable only through anonymizing overlay networks such as Tor, where cybercriminals trade stolen data, credentials and access to compromised systems and coordinate attacks. Monitoring it for an organization's own domains, credentials and data can give early warning that a breach has already happened or that an attack is being planned, which helps the organization sharpen its incident response plan and become more resilient against cyberattacks.