Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:05 PM
Connect Directly

Tech Insight: How To Protect Against Attacks Via Your Third-Party Vendors

Third-party business connections often provide attackers easy, unfettered access to bigger, richer networks

The security of third-party vendor relationships is coming under increased scrutiny given that the source of the Target breach was identified as a HVAC service provider who had remote access into the Target network. While details are still scarce, it's clear that a connection used to allow access for billing can be enough for an attacker to turn an innocuous entry into a data breach that, like for Target, can cost untold millions.

As businesses grow, they are forced to rely on third parties to provide services that require a trust in the provider to protect their networks and data at the same or greater level. Unfortunately, this is rarely the case. Security firm Trustwave analyzed 450 data breaches in 2013 that showed nearly two-thirds were related to third-party IT providers.

[To hear about how financial firms are managing their complex data architectures, attend the Future of the Financial Services Data Center panel at Interop 2014 in Las Vegas, March 31-April 4. You can also REGISTER FOR INTEROP HERE.]

With the increasing reliance on business-to-business connections, companies must protect themselves from the threats posed by allowing "trusted" third parties access to areas of their networks. While trust can be made in a vendor to provide the services it is committing to, it's a blind leap of faith to assume it will take the same precautions in protecting the information and access to your network it is trusted with.

Businesses need to protect themselves and treat the vendors accessing their networks as untrusted entities and put in the controls to protect themselves and monitor all activity sourced from the vendors.

The following are tips that have come from my experience as a security consultant, as well as countless conversations with companies that must allow access to third-party vendors and the vendors themselves.

...Read the full story on Dark Reading

Register for Wall Street & Technology Newsletters
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.