One of the most common cyber myths we encounter is the belief that you’ll be safe from cyber risks if you focus on just your own security.
Ensuring that your organisation is protected against cyber threats is all well and good, but what about the other businesses in your supply chain or the third-party assets you use?
You could have the best cybersecurity in the world, but if you’re part of a supply chain and think that makes you invulnerable, you’d be wrong.
Organisations must be aware of others in their community and how they’re acting when it comes to cybersecurity. Some of the biggest headline-grabbing breaches of recent years have involved third parties or organisations subordinate to the entity that was hacked.
Probably the most infamous instance of an organisation being attacked via a third party is the Target breach.
Hackers breached the company by stealing credentials from a third-party heating company that had access to Target’s networks to monitor their systems.
The heating company had fallen victim to a spear phishing attack a few months before the main attack on Target.
The hackers then installed malware on Target’s point-of-sale systems that stole customer credit card details and sent them to a compromised Target server. The data was then sent overseas. Overall, 1-3 million credit card details were stolen, costing the business hundreds of millions of dollars in damages and reparations, as well as the negative impact on its reputation.
Everything in your organisation’s ecosystem, such as subcontractors, subsidiaries, vendors, accounting firms and even the third-party apps used by the web dev team for your company website, can be a threat vector. Security is only as strong as the weakest link, and often that weak link is outside of your immediate control.
Just like other criminals, cyber criminals are opportunists on the lookout for weaknesses and easy prey. All businesses are a target, and as their supply chains grow, their exposure to risk increases.
Incidents of third-party plugins and apps being used for malicious purposes are nothing new. The websites of many organisations use third-party tools and plugins, any of which could provide a point of access for an attacker. Earlier this year this was highlighted by news that many websites across the world were infected by malicious code injected into a third-party website plugin designed to help the visually impaired use websites.
Many organisations allow employees to Bring Your Own Device (BYOD), and in doing so they open themselves up to risk. Infected smartphone apps can be used by hackers to glean data from their users, which could then be used to attack their employer directly.
CyberScore™ quantifies supply chain risk by automatically testing and rating the security of all parts of the chain. It peer-rates suppliers based on objective, empirical data and provides in-depth guidance and support to the supply chain members that are most at risk.
Want to learn more about how CyberScore™ can help secure your business? Visit our website at www.xqcyber.com/cyberscore, and if you want to give yourself the very best protection against cyber security threats, try our CyberScore™ software for free now.