Do you know your third-party risk?

With the news that several big brands have suffered data breaches as a result of compromised third-parties you should ask yourself; do you know what your organisation’s third-party risks are?

Some of the biggest data breaches of recent years such as the Equifax and Target breaches have been the result of a compromised third-party and this trend shows no sign of slowing.

Just this past week it was reported that luxury retailer Fortnum & Mason became the latest in a long line of big names to have been breached as a result of a compromised third party.

In this case, it was Typeform, a company that provides survey and voting data services to its clients. One of the Typeform survey forms had a vulnerability that affected competition and survey participants and compromised some of Fortnum & Mason’s data.

As well as Fortnum & Mason other big name organisations have been affected including Travelodge and even political party the Liberal Democrats.

Also making the headlines was news that Whitbread is just one of several large businesses to have been impacted by a breach at a third-party recruitment platform provider called PageUp which is based in Australia. Whitbread admitted that ‘some’ current and prospective employee data could have been compromised.

image1

Know the vulnerabilities

With an ever-growing number of businesses and organisations providing online services the number of third party applications being used is rising. From data collection such as surveys to online payments, there are apps for pretty much every business function. Often its cheaper to outsource such services rather than develop them in house.

The risks include:

  • The inability to confirm if third parties have had a data breach or suffered a cyber attack involving sensitive data in the past. Are they still vulnerable to attacks?
  • Are your third-party suppliers sharing data with other vendors, can they be trusted?
  • A lack resources may make the introduction of vendor management policies difficult to implement.

Cybercriminals know all this, which is why they deliberately seek out third-parties to attack. A breach in any part of a supply chain can lead to the compromise of their true target which is often the larger business at the top of the chain.

To reduce the risks, you should ask yourself the following:

  • Do you know who your third-party vendors are?
  • How much do you know about them?
  • What policies do they have in place to prevent a data breach?
  • Is their security policy up to scratch?

 

Do your Third-party Due Diligence with CyberScore™

Due Diligence is a vital part of ensuring the security of your organisation. When seeking out new third-party partners or suppliers you should always ensure that you can trust them and their products.

Poor due diligence has resulted in some of the biggest data breaches. Just because a partner says that they’re secure doesn’t mean it is so. It always pays to check for yourself. With CyberScore™ you can attain a clear security overview of third parties.

For further reading visit –

https://www.xqcyber.com/cyberscore/show/you-can-reduce-the-cyber-threat-to-supply-chains-if-you-do-the-basics

https://www.xqcyber.com/cyberscore/show/third-party-privacy-concerns-go-beyond-social-media

https://www.xqcyber.com/cyberscore/show/dont-let-a-cyber-breach-be-your-legacy

Want to learn more about how CyberScore™ can help secure your business? Visit our website at www.xqcyber.com and if you want to give yourself the very best protection against cyber security threats try out CyberScore™ for free now!

Follow us on FacebookTwitter and LinkedIn or sign up to our mailing list at https://www.xqcyber.com/signup