
How To Protect Against Attacks Via Your Third-Party Vendors

The security of third-party vendor relationships is coming under increased scrutiny as the source of the Target breach has been identified as an HVAC service provider who had remote access into the Target network. While details are still scarce, it's clear that a connection used to allow access for billing can be all that's needed for an attacker to turn that innocuous entry into a data breach that is costing Target untold millions.

As businesses grow, they are forced to rely on third parties to provide services that require a trust in the provider to protect their networks and data at the same or greater level. Unfortunately, this is rarely the case. Security firm Trustwave analyzed 450 data breaches in 2013 that showed nearly two-thirds were related to third-party IT providers.

With the increasing reliance on business-to-business connections, companies must protect themselves from the threats posed by allowing "trusted" third parties access to areas of their network. While trust can be made in a vendor to provide the services they're committing to, it's a blind leap of faith to assume they will take the same precautions in protecting the information and the access to your network they're trusted with.


Full Article

Businesses need to protect themselves and treat the vendors accessing their network as untrusted entities and put in the controls to protect themselves and monitor all activity sourced from the vendors.

The following are tips that have come from my experience as a security consultant and countless conversations with companies who must allow access to third-party vendors and the vendors themselves.


Re: How To Protect Against Attacks Via Your Third-Party Vendors

That Target scare made my dad change his credit card!



Re: How To Protect Against Attacks Via Your Third-Party Vendors

Hi Ryan, I also was a victim and changed my credit card too...

Kind Regards,




Re: How To Protect Against Attacks Via Your Third-Party Vendors

I was surprised when I called my credit card company the day after the Target attack hit the news: they had already identified and closed accounts that had been exposed. I thought this was a very proactive stance.


Re: How To Protect Against Attacks Via Your Third-Party Vendors

The following is an update on how to protect against attacks via third-party vendors.


Quote: Despite Target, Retailers Still Weak On Third-Party Security

By Sara Peters, posted on 6/24/2014



A new survey from TripWire shows mixed results about retailers' security practices.

The big Target breach last year was actually the second stage of an attack that began by breaching the retail giant's third-party HVAC subcontractor (although the general public seems to forget that fact). This should have taught companies a lesson about the risks of letting business partners run pell-mell around one's network without paying any mind to their own security posture. However, according to new research from TripWire, at least one-quarter of retailers have not yet learned that lesson.

On one end of the spectrum, 12% of retailers who responded say they require third-party partners to pony up regular reports on vulnerability scans on their network and Web applications. On the other end of the spectrum, 26% said, "We don't evaluate the security of our business partners."


Source: DarkReading (full read here)

