Do you think that your company’s cybersecurity has superhero strength to rival an evil supervillain from the Marvel Cinematic Universe? Think again. You may have all the tools, technology, process, or even people in place to safeguard every nook and cranny of your organization’s networks, but ultimately, bulletproof security is unattainable. The reason? Third parties.
As companies look to third parties for specialty services, their digital ecosystems expand and intertwine. New and increased connections could give attackers more opportunities to break into an organization. Malware continues to be a popular way to manipulate third parties and gain entry into corporate networks. Let’s look at a few real-world examples of these risks:
- In June 2019, both LabCorp and Quest Diagnostics experienced third-party data breaches that exposed 7.7 million and 11.9 million records, respectively. Included in the exposed records were names, birthdates, addresses, phone numbers, dates of service, and more ranging from August 2018 to March 2019. Both breaches were caused by a hacker that gained access to American Medical Collection Agency’s system—a third-party that the two companies have in common.
- In June 2017, the Ukrainian tax-filing software company, MEDoc, was breached. Its servers pushed a malicious software update to clients, which caused the NotPetya outbreak. Almost every company with offices in the Ukraine was affected by this malicious update as many rely on MEDoc for tax accounting. In addition to the threat of malicious software updates, our team recently predicted the weaponization of adware in our 2019 Cybersecurity Threat Outlook report.
- In 2013, the retailer Target was breached when its HVAC vendor, Fazio Mechanical Services, had an employee’s credentials compromised. Attackers used this account to gain access to Target’s web services dedicated to vendors. It is critical for clients to identify trusted networks and connected third parties and profile the digital threat footprint for each. Our team offers clients this level of visibility and prioritizes external digital risk exposures through our Attacker Reconnaissance Service.
Unfortunately, third-party resources represent exploitable infrastructure typically outside the control of an organization's security team. Since third-party suppliers and vendors are external from your own cybersecurity organization, it is difficult to know whether the materials or systems connecting to yours are compromised. Mitigating these third-party risks today requires more visibility and coordination than ever before. Here’s how to mitigate and protect your network:
Think like the adversary and anticipate motivations and actions.
Try to determine which prized data and property are potential targets. Proactive efforts like threat hunting can help uncover evidence of compromises that are already happening or gaps in your capability to detect such activity.