Many companies are compelled to provide some level of network access to vendors and partners in order to do business effectively. Unfortunately, there is mounting evidence that these third- and fourth-party connections create substantial cybersecurity risks.
In many cases, partners and vendors with privileged access to confidential and sensitive data represent a greater threat to network security than the organized hacker groups that grab headlines with high-profile cyberattacks. In a recent survey of 600 IT professionals, 70 percent said they experienced a breach in the previous year that could either “definitely” or “possibly” be attributed to a vendor.
In another survey by the Ponemon Institute, 73 percent of IT security pros said cybersecurity incidents involving vendors and partners are increasing, and 65 percent said it is difficult to detect and mitigate risks associated with third parties. Most say they don’t believe they could count on these vendors to notify them of a data breach.
Privileged access by a business partner amplifies risk because organizations have little control over the security practices of these outsiders. There are many cases where these trusted outsiders unwittingly create vulnerabilities by sharing login credentials with other members of their organization. This could open the door to an attack coming over a trusted connection with legitimate access, which would be difficult to detect.
Partners and vendors can create risk through a variety of other common behaviors. These include failing to log off computers, sending files to personal email accounts, or downloading data to an external drive or memory stick.
To mitigate these risks, organizations need to include partner risk management in their overall cybersecurity framework. This should include an onboarding process for all partners and vendors that evaluates their current cybersecurity practices, while also stipulating requirements for protection of personal data, intellectual property and transactional records.
After the onboarding process, companies must have ongoing monitoring processes to ensure partners are meeting privacy and risk standards. This is often accomplished through an annual audit process or by having partners and vendors fill out self-assessment questionnaires.
Organizations must also have the right internal tools to identify potential vulnerabilities. A good approach would be the deployment of a unified threat management (UTM) platform, an all-inclusive security product that performs multiple security functions within a single system.
In addition to firewalls, intrusion protection and detection, antivirus and anti-spam features designed to keep intruders out of the network, UTM appliances provide strong access control features to minimize insider threats. They enable you to create identity-based network access policies for individual users, delivering visibility into and control over their network activity. They also allow you to identify patterns of behavior by specific users or groups that can signify misuse, unauthorized intrusions or malicious attacks.
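The credential-sharing risk described earlier, where several people at a vendor use one login, shows up in session data as the same account being active from different source addresses at the same time. The following is an added example, not from the original article or any UTM product; the record layout, account names and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample session records: (account, source IP, login, logout).
# Account names and addresses are illustrative, not taken from any real log.
SESSIONS = [
    ("vendor-acme", "203.0.113.10", "2024-05-01T09:00", "2024-05-01T11:30"),
    ("vendor-acme", "198.51.100.7", "2024-05-01T10:15", "2024-05-01T10:45"),
    ("vendor-acme", "203.0.113.10", "2024-05-01T13:00", "2024-05-01T14:00"),
    ("vendor-bolt", "192.0.2.44", "2024-05-01T09:00", "2024-05-01T09:30"),
    ("vendor-bolt", "192.0.2.99", "2024-05-01T09:30", "2024-05-01T10:00"),
]


def parse(ts):
    """Parse the minute-resolution timestamps used in SESSIONS."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M")


def find_shared_credentials(sessions):
    """Return {account: [(ip_a, ip_b, overlap_start, overlap_end), ...]} for
    sessions of one account that overlap in time from different source IPs."""
    by_account = defaultdict(list)
    for account, ip, start, end in sessions:
        by_account[account].append((parse(start), parse(end), ip))

    findings = defaultdict(list)
    for account, rows in by_account.items():
        rows.sort()  # order by login time so the inner scan can stop early
        for i, (s1, e1, ip1) in enumerate(rows):
            for s2, e2, ip2 in rows[i + 1:]:
                if s2 >= e1:
                    break  # later sessions start even later: no overlap left
                if ip1 != ip2:
                    findings[account].append((ip1, ip2, s2, min(e1, e2)))
    return dict(findings)


if __name__ == "__main__":
    for account, hits in find_shared_credentials(SESSIONS).items():
        for ip_a, ip_b, start, end in hits:
            print(f"{account}: concurrent use from {ip_a} and {ip_b} "
                  f"between {start:%H:%M} and {end:%H:%M}")
```

A back-to-back handover such as the second account's sessions is not flagged; an overlap is a lead for review rather than proof, since one person can hold sessions from two networks.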
Content-filtering features within UTM solutions provide another level of protection. These solutions can filter web-based applications, identify malware signatures and examine instant messaging and email to protect against data leakage. They can also enforce access policies on remote and mobile devices that are used outside the network.
The only foolproof way to protect your computer systems against hackers, malware, data leaks and other security breaches is to unplug them. That clearly isn’t a practical solution. The evolution of modern business makes vendor and partner network access almost obligatory to get things done. That’s why effective security requires constant vigilance and integrated solutions. SSD can help minimize your exposure to risk with a full portfolio of network security solutions and services.