Related Aspects Of A Breach: Impact Of Partners & Suppliers

Business partners and suppliers can spell trouble for an organization’s security.

By now, many know what happened during the Target breach. In the late autumn of 2013 a group of attackers uploaded card-stealing malware into a small number of point-of-sale (POS) terminals in the retailer’s stores. That malware ultimately compromised some 40 million debit and credit card accounts over the span of about two weeks.

In the months that followed, investigators learned that the attackers had gained access to the retailer’s POS terminals by first compromising an HVAC company to which Target had granted external network access. Using a phishing email, the attackers stole a legitimate set of credentials from that vendor and used them to reach Target’s payment system network.

Overall, this incident demonstrates that business partners and suppliers can spell trouble for an organization’s security.

Several years later, many companies have yet to heed that warning. Such is the overarching finding of a study conducted for Tripwire by Dimensional Research back in December of 2015.

A total of 320 IT professionals were asked about the challenges that business partners bring to an organization’s digital security. While 81 percent of respondents stated they were confident in their own organization’s ability to protect sensitive data, just over half (55 percent) had the same level of confidence in their company’s business suppliers and partners.

To address that concern, nearly half (43.6 percent) of respondents revealed that their organization requires its business partners and suppliers to pass a security audit before signing a contract with them.

Other companies are more indifferent about the security of their supply chain, however. For instance, more than half of all organizations stated they have “bigger concerns” than the threat of a security breach at a supplier or partner exposing shared sensitive information.

Perhaps it is this mentality that has led approximately one-third of companies neither to require security audits of their supply chain companies nor to turn away potential business partners and suppliers that fail such audits. A quarter of enterprises don’t even check whether their suppliers meet their security requirements, with a lack of resources and/or understanding primarily to blame for that oversight.

In reality, organizations need to care about the security of their supply chain, as it affects their ability to securely process payments, implement the Industrial Internet of Things (IIoT), or fulfill other business-critical functions.

Tripwire: http://bit.ly/27r3D4R
