Related Aspects Of A Breach: Impact Of Partners & Suppliers

Uploaded on 2016-05-20 in NEWS-Cybersecurity News, FREE TO VIEW

Business partners and suppliers can spell trouble for an organization’s security.

By now, many know what happened during the Target breach. In the late autumn of 2013 a group of attackers uploaded card-stealing malware into a small number of point-of-sale (POS) terminals in the retailer’s stores. That malware ultimately compromised some 40 million debit and credit card accounts over the span of about two weeks.

In the months that followed, investigators learned the attackers gained access to the retailer’s POS terminals by first compromising a HVAC company to which Target had granted external network access. Via the use of a phishing email, the attackers stole a legitimate set of credentials and used it to access Target’s payment system network.

Overall, this incident demonstrates that business partners and suppliers can spell trouble for an organization’s security.

Several years later, many companies have yet to heed that warning. Such is the overarching finding of a study conducted for Tripwire by Dimensional Research back in December of 2015.

A total of 320 IT professionals were asked about the challenges that business partners bring to an organization’s digital security. Of those who participated, while 81 percent of respondents stated they were confident about their organization’s ability to protect sensitive data, just over half (55 percent) had the same level of confidence when it came to their company’s business suppliers and partners.

To address that concern, nearly half (43.6 percent) of respondents revealed their organization requires that its business partners and suppliers pass a security audit if they are to sign a contract with them.

Other companies are more indifferent about the security of their supply chain, however. For instance, more than half of all organizations stated they have “bigger concerns” than the threat of a security breach at a supplier or partner exposing shared sensitive information.

Perhaps it is this mentality that has led approximately one-third of companies to neither require security audits of its supply chain companies nor to refuse potential business partners and suppliers if they fail their audits. A quarter of enterprises don’t even check to see if their suppliers meet their security requirements, with a lack of resources and/or understanding primarily to blame for that oversight.

In reality, organizations need to care about the security of their supply chain, as it affects an their ability to securely process payments, implement the Industrial Internet of Things (IIoT), or fulfill other business-critical functions.

Tripwire: http://bit.ly/27r3D4R

« Vulnerable Australia Boosts National Cyber Security
Mobile Spying – What’s Possible, Ethical Or Useful? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Global Knowledge Training

Global Knowledge Training

Global Knowledge is a worldwide leader in IT and business training, featuring Cisco, Microsoft, VMware, IBM, security, cloud computing, and project management.

Globalscape

Globalscape

Globalscape is a leader in secure data exchange solutions.

Optimal IdM

Optimal IdM

Optimal IdM is a leading global provider of identity management solutions and services.

BPC Banking Technologies

BPC Banking Technologies

BPC’s advanced fraud prevention solution helps card issuers and acquirers combat the growing threat by monitoring 100% of transactions, online, in real-time across all channels.

Cyberint

Cyberint

Cyberint, the Impactful Intelligence company, fuses open-deep-and darkweb Threat Intelligence with Attack Surface Management to deliver maximum protection from external threats.

Regulus Cyber

Regulus Cyber

Regulus enables drones, robots and autonomous vehicles to operate safely, without malicious or accidental interference to the operation of their mission.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

Veritas Technologies

Veritas Technologies

Veritas provide industry-leading solutions that cover all platforms with backup and recovery, business continuity, software-defined storage and information governance.

ValueMentor

ValueMentor

ValueMentor is a leading cyber security service provider in the Middle East. We enable clients to reduce risk by taking a strategic approach to cybersecurity.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

Ingenics Digital

Ingenics Digital

Ingenics Digital is a recognized initiator and leading service provider in the areas of software development and embedded systems.

WBM Technologies

WBM Technologies

WBM Technologies is a Western Canadian leader in the provision of outcomes-driven information technology solutions.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

Toro Solutions

Toro Solutions

Toro provide managed security & consultancy to keep governments, businesses & society resilient in the space where cyber, physical & people security converge.

Upwind Security

Upwind Security

Upwind delivers comprehensive cloud security, precisely when and where it’s most critical.