Related Aspects Of A Breach: Impact Of Partners & Suppliers

Uploaded on 2016-05-20 in NEWS-Cybersecurity News, FREE TO VIEW

Business partners and suppliers can spell trouble for an organization’s security.

By now, many know what happened during the Target breach. In the late autumn of 2013 a group of attackers uploaded card-stealing malware into a small number of point-of-sale (POS) terminals in the retailer’s stores. That malware ultimately compromised some 40 million debit and credit card accounts over the span of about two weeks.

In the months that followed, investigators learned the attackers gained access to the retailer’s POS terminals by first compromising a HVAC company to which Target had granted external network access. Via the use of a phishing email, the attackers stole a legitimate set of credentials and used it to access Target’s payment system network.

Overall, this incident demonstrates that business partners and suppliers can spell trouble for an organization’s security.

Several years later, many companies have yet to heed that warning. Such is the overarching finding of a study conducted for Tripwire by Dimensional Research back in December of 2015.

A total of 320 IT professionals were asked about the challenges that business partners bring to an organization’s digital security. Of those who participated, while 81 percent of respondents stated they were confident about their organization’s ability to protect sensitive data, just over half (55 percent) had the same level of confidence when it came to their company’s business suppliers and partners.

To address that concern, nearly half (43.6 percent) of respondents revealed their organization requires that its business partners and suppliers pass a security audit if they are to sign a contract with them.

Other companies are more indifferent about the security of their supply chain, however. For instance, more than half of all organizations stated they have “bigger concerns” than the threat of a security breach at a supplier or partner exposing shared sensitive information.

Perhaps it is this mentality that has led approximately one-third of companies to neither require security audits of its supply chain companies nor to refuse potential business partners and suppliers if they fail their audits. A quarter of enterprises don’t even check to see if their suppliers meet their security requirements, with a lack of resources and/or understanding primarily to blame for that oversight.

In reality, organizations need to care about the security of their supply chain, as it affects an their ability to securely process payments, implement the Industrial Internet of Things (IIoT), or fulfill other business-critical functions.

Tripwire: http://bit.ly/27r3D4R

« Vulnerable Australia Boosts National Cyber Security
Mobile Spying – What’s Possible, Ethical Or Useful? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

National Cyber Security Agency (NACSA) - Malaysia

National Cyber Security Agency (NACSA) - Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

Corelight

Corelight

Corelight is the most powerful network visibility solution for information security professionals.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

Crashtest Security

Crashtest Security

Crashtest Security is a cyber security company that helps digital companies to continuously create secure software with the help of automated vulnerability assessments.

InfoExpress

InfoExpress

InfoExpress provides network security solutions that enhance productivity and security through better visibility, improved security, and automating device and mobile access to the network.

SecureDrives

SecureDrives

Passwordless Authentication & Encrypted Data Storage Solutions from SecureDrives. We are enabling organisations to work safely and securely, using technology driven solutions.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

Axiado

Axiado

Axiado Corporation is a security processor company redefining hardware root of trust with hardware-based security technologies, including per-system AI.

RankedRight

RankedRight

RankedRight empowers security teams to take immediate action on their most critical risks.

CoreStack

CoreStack

CoreStack helps enterprises overcome cloud challenges such as ever growing security risks, stringent regulatory compliance needs and operational complexities.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

ThreatNG Security

ThreatNG Security

ThreatNG is redefining external attack surface management (EASM) and digital risk protection with a platform of unmatched breadth, depth, and capabilities in thwarting technical and business threats.

OneZero Solutions

OneZero Solutions

OneZero specialize in cybersecurity operations, information assurance, computer network operations, solutions engineering, and project management.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.