light bulb

Did You Know?



Reply
Highlighted
Posts: 6,085
Topics: 4,025
Kudos: 7,811
Registered: ‎06-12-2013

How To Protect Against Attacks Via Your Third-Party Vendors

The security of third party vendor relationships is coming under increased scrutiny as the source of the Target breach has been identified as a HVAC service provider who had remote access into the Target network. While details are still scarce, it's clear that a connection used to allow access for billing can be all that's needed for an attacker to turn that innocuous entry into a data breach that is costing Target untold millions.

As businesses grow, they are forced to rely on third parties to provide services that require a trust in the provider to protect their networks and data at the same or greater level. Unfortunately, this is rarely the case. Security firm Trustwave analyzed 450 data breaches in 2013 that showed nearly two-thirds were related to third party IT providers.

 With the increasing reliance on business-to-business connections, companies must protect themselves from the threats posed by allowing "trusted" third parties access to areas of their network. While trust can be made in a vendor to provide the services they're committing to, it's a blind leap of faith to assume they will take the same precautions in protecting the information and the access to your network they're trusted with.

 

Full Article

Businesses need to protect themselves and treat the vendors accessing their network as untrusted entities and put in the controls to protect themselves and monitor all activity sourced from the vendors.

The following are tips that have come from my experience as a security consultant and countless conversations with companies who must allow access to third party vendors and the vendors themselves.

Sr. Community Leader

Frequent Voice
Frequent Voice
Posts: 261
Registered: ‎03-09-2014

Re: How To Protect Against Attacks Via Your Third-Party Vendors

That target scare made my dad change his credit card!

---------------------------------------------------------------
~Var

Helper of the Webroot Community

OS and Main Antivirus:Linux Mint, None Smiley Sad
----------------------------------------------------------------
Posts: 5,876
Topics: 83
Kudos: 5,167
Registered: ‎11-27-2013

Re: How To Protect Against Attacks Via Your Third-Party Vendors

Hi Ryan, I also was a victim and changed my credit card too...
Sherry

   

Helpful Webroot Links:


Download (PC) | Download (Best Buy Subscription) | Submit Trouble Ticket | Account Console | User Guides |

BrightCloud URL lookup

Register and Introduce yourself to The Community!


Mac / Yosemite(10.10.4), IPads, PCs,W 7 Pro & W 8.1 R Pro. W 7 Pro on Lenovo (VM:W7,8.1,10) & W/Vista Ultimate on Gateway Laptop.
(WSAC 5 PC,WSA Business)W/10 Preview
Frequent Voice
Posts: 19
Registered: ‎03-04-2014

Re: How To Protect Against Attacks Via Your Third-Party Vendors

I was surprised when I called my credit card company the day after the Target attack hit the news, they already had identified and closed accounts that had been exposed - thought this was a very proactive stance.

Posts: 3,738
Topics: 2,201
Kudos: 2,988
Blog Posts: 0
Registered: ‎06-02-2014

Re: How To Protect Against Attacks Via Your Third-Party Vendors

The following is a update  how to protect against attacks via third party vendors

 

Quote/Despite Target, Retailers Still Weak On Third-Party Security

 

 

By/ Sara Peters posted on 6/24/2014

 

 

A new survey from TripWire shows mixed results about retailers' security practices.

The big Target breach last year was actually the second stage of an attack that began by breaching the retail giant's third-party HVAC subcontractor (although the general public seems to forget that fact). This should have taught companies a lesson about the risks of letting business partners run pell-mell around one's network without paying any mind to their own security posture. However, according to new research from TripWire, at least one-quarter of retailers have not yet learned that lesson.

On one end of the spectrum, 12% of retailers who responded say they require third-party partners to pony up regular reports on vulnerability scans on their network and Web applications. On the other end of the spectrum, 26% said, "We don't evaluate the security of our business partners."

 

DarkReading/ full read here/ http://www.darkreading.com/despite-target-retailers-still-weak-on-third-party-security/d/d-id/127877...

 

Community Leader