In today's business landscape, organisations often rely on suppliers such as technology vendors, businesses partner resources, suppliers of raw materials, shared public infrastructure, and other public services. These “outside” entities are all examples of the supply chain, which is a type of trusted business partner (TBP). However, these outside entities can pose significant security risks.
Example - Target
The infamous Target hack back in November 2013 was traced back to network credentials that were stolen from a third-party vendor. The vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at several locations at Target and other top retailers.
It wasn’t clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target’s payment system network.
The result was the data leakage of personally identifiable information of over 100 million individuals.
A supply chain attack also called a “value-chain” or “third-party attack” occurs when someone infiltrates an organisation system through an outside partner or provider with access to the victim systems and data.
The risks associated with a supply chain attack have never been higher, due to increased cooperation and partnership between organisations.
The use of trusted business partners is common today. Organisations outsource primarily to cut costs. But today, it is not only about cutting cost but also about reaping the benefits of strategic outsourcing such as accessing skilled expertise, reducing overhead, flexible staffing, and increasing efficiency, reducing turnaround time and eventually generating more profit.
Meanwhile, attackers have more resources and tools at their disposal than ever before, targeting the smaller, less abled security-abled organisation that leads access to the bigger prize.
As the saying goes: “why try to break the front door when you can come around the back”
According to a survey conducted in late 2018 by the Ponemon Institute, found that 56% of organisations have had a breach that was caused by one of their trusted business partners.
The Ponemon Institute went on to say that misuse or unauthorised sharing of confidential data by third parties was the second-biggest security worry for 2019 among IT professionals.
Here are two questions for you:
The list below outlines several best practices that are available to assist you with mitigating insider threat risk within the supply chain.
If you fear that some of your trusted business partners may be taking advantage of your business or maybe placing your organisation at risk by performing unwarranted actions, then we can uncover the risks and security blind spots in how your trusted business partners interact with your organisation through an insider risk assessment.
The insider risk assessment is your first step in gaining control and certainty about the potential risks from trusted business partners.
Within 30 days, we will be able to provide you with a report on your organization risks and elevate your highest risk users for inspection.
How to get started? Get A Threat Assessment HERE or contact us
For more information, you can also send them an email at: [email protected] or give us a call at: +61 26282-5554.