Related Aspects Of A Breach: Impact Of Partners & Suppliers

Business partners and suppliers can spell trouble for an organization’s security.

By now, many know what happened during the Target breach. In the late autumn of 2013 a group of attackers uploaded card-stealing malware into a small number of point-of-sale (POS) terminals in the retailer’s stores. That malware ultimately compromised some 40 million debit and credit card accounts over the span of about two weeks.

In the months that followed, investigators learned the attackers gained access to the retailer’s POS terminals by first compromising an HVAC company to which Target had granted external network access. Using a phishing email, the attackers stole a legitimate set of credentials and used it to access Target’s payment system network.

Overall, this incident demonstrates that business partners and suppliers can spell trouble for an organization’s security.

Several years later, many companies have yet to heed that warning. Such is the overarching finding of a study conducted for Tripwire by Dimensional Research back in December of 2015.

A total of 320 IT professionals were asked about the challenges that business partners bring to an organization’s digital security. While 81 percent of respondents stated they were confident about their organization’s ability to protect sensitive data, just over half (55 percent) had the same level of confidence when it came to their company’s business suppliers and partners.

To address that concern, nearly half (43.6 percent) of respondents revealed their organization requires that its business partners and suppliers pass a security audit if they are to sign a contract with them.

Other companies are more indifferent about the security of their supply chain, however. For instance, more than half of all organizations stated they have “bigger concerns” than the threat of a security breach at a supplier or partner exposing shared sensitive information.

Perhaps it is this mentality that has led approximately one-third of companies to neither require security audits of their supply chain companies nor refuse potential business partners and suppliers if they fail their audits. A quarter of enterprises don’t even check to see if their suppliers meet their security requirements, with a lack of resources and/or understanding primarily to blame for that oversight.

In reality, organizations need to care about the security of their supply chain, as it affects their ability to securely process payments, implement the Industrial Internet of Things (IIoT), or fulfill other business-critical functions.

Tripwire: http://bit.ly/27r3D4R
