Related Aspects Of A Breach: Impact Of Partners & Suppliers

Uploaded on 2016-05-20 in NEWS-Cybersecurity News, FREE TO VIEW

Business partners and suppliers can spell trouble for an organization’s security.

By now, many know what happened during the Target breach. In the late autumn of 2013 a group of attackers uploaded card-stealing malware into a small number of point-of-sale (POS) terminals in the retailer’s stores. That malware ultimately compromised some 40 million debit and credit card accounts over the span of about two weeks.

In the months that followed, investigators learned the attackers gained access to the retailer’s POS terminals by first compromising a HVAC company to which Target had granted external network access. Via the use of a phishing email, the attackers stole a legitimate set of credentials and used it to access Target’s payment system network.

Overall, this incident demonstrates that business partners and suppliers can spell trouble for an organization’s security.

Several years later, many companies have yet to heed that warning. Such is the overarching finding of a study conducted for Tripwire by Dimensional Research back in December of 2015.

A total of 320 IT professionals were asked about the challenges that business partners bring to an organization’s digital security. Of those who participated, while 81 percent of respondents stated they were confident about their organization’s ability to protect sensitive data, just over half (55 percent) had the same level of confidence when it came to their company’s business suppliers and partners.

To address that concern, nearly half (43.6 percent) of respondents revealed their organization requires that its business partners and suppliers pass a security audit if they are to sign a contract with them.

Other companies are more indifferent about the security of their supply chain, however. For instance, more than half of all organizations stated they have “bigger concerns” than the threat of a security breach at a supplier or partner exposing shared sensitive information.

Perhaps it is this mentality that has led approximately one-third of companies to neither require security audits of its supply chain companies nor to refuse potential business partners and suppliers if they fail their audits. A quarter of enterprises don’t even check to see if their suppliers meet their security requirements, with a lack of resources and/or understanding primarily to blame for that oversight.

In reality, organizations need to care about the security of their supply chain, as it affects an their ability to securely process payments, implement the Industrial Internet of Things (IIoT), or fulfill other business-critical functions.

Tripwire: http://bit.ly/27r3D4R

« Vulnerable Australia Boosts National Cyber Security
Mobile Spying – What’s Possible, Ethical Or Useful? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Information Commissioner's Office (ICO) - UK

Information Commissioner's Office (ICO) - UK

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

Software Testing News

Software Testing News

Software Testing News provides the latest news in the industry; from the most up-to-date reports in web security to the latest testing tool that can help you perform better.

Redcentric

Redcentric

Redcentric is a leading UK IT managed services provider. We deliver managed IT, cloud computing, data backup, information security services and managed networks.

RKH Specialty

RKH Specialty

RKH Specialty, part of the Hyperion Insurance Group, is a provider of specialty insurance services including Cyber Risk cover.

Trinexia

Trinexia

Trinexia (formerly Credence Security) is a specialty Value-added Distributor of Cyber Security, Digital Forensics, Security Awareness, Data Security & Governance solutions.

Cyberlitica

Cyberlitica

Cyberlitica (formerly iPhish) provides a Workforce Threat Intelligence application that significantly augments companies’ cyber threat prevention efforts.

Omada

Omada

Omada is a leading provider of IT security solutions and services for identity management and access governance.

Farsight Security

Farsight Security

Farsight Security provides the world’s largest real-time actionable threat intelligence on how the Internet is changing.

Strategic Cyber Ventures (SCV)

Strategic Cyber Ventures (SCV)

SCV grow cybersecurity companies that disrupt advanced cyber adversaries and revolutionize the cyber product marketplace.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

Sekuro

Sekuro

Sekuro is your leading governance and cyber security partner. Building organisational resilience. Enabling fearless innovation.

SpireTec Solutions

SpireTec Solutions

SpireTec Solutions is an IT management training company offering 1500+ courses with state of art training facilities backed by a team of industry experts in various domains including cybersecurity.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

Somerville

Somerville

Somerville are a full service IT partner with over 40 years experience delivering exceptional service and value to our customers.

Panasonic Automotive Systems

Panasonic Automotive Systems

Panasonic Automotive Systems brings together security technologies and human resources cultivated across an extensive range of businesses into the automotive field.

Styx Intelligence

Styx Intelligence

Styx Intelligence’s platform provides visibility and supports remediation against threats targeting your digital assets.