Lax cyber security practices by third party vendors placing enterprises at risk

Third party vendors the biggest challenge facing GDPR-covered enterprises

Security software maker Kaspersky Lab has warned that security breaches suffered by third party vendors have cost businesses over £1.2 million.

Third party vendors often do not encrypt data belonging to their clients and are thus highly vulnerable to cyber attacks and data breaches.

Back in September, TigerSwan, a private security agency in the U.S., suffered a major data breach incident after a third party vendor hired by the firm uploaded sensitive details belonging to thousands of security officials to an unsecured Amazon S3 cloud server.

Similarly, hundreds of enterprises of all sizes have suffered breaches or have lost customer data due to inappropriate handling of sensitive data by their third party vendors. According to Kaspersky Lab, security breaches suffered by third party vendors have cost businesses over £1.2 million.

‘Raising IT security budgets is only part of the solution, as the most staggering losses stem from the incidents involving third parties and their cyber-failures. While cyber security incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,’ said Alessio Aceti, head of the enterprise business division at Kaspersky Lab.

‘This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill,’ he warned.

According to security firm UpGuard, if an enterprise with a highly resilient and secure IT toolchain outsources the handling of sensitive or valuable data to a third-party vendor lacking such well-designed processes and systems, then the hiring enterprise should pay the price for any resulting exposure.

The firm has also said that enterprises and their vendors must share equal responsibility to ensure the security of sensitive data against exposure to the wider internet. Such responsibility will ensure that third party vendors will no longer be the weakest point in an organisation’s cyber defence system.

Writing for TurboFuture, Virginia Matteo says that when choosing a third party vendor, an enterprise must consider the agency’s experience and ability to secure data, the existence of any complaints or litigation against the agency, its systems and data security plans, insurance coverage, security of its websites, scope of internal control and its knowledge of consumer protection and civil rights laws.

Background checks of third party vendors are time-consuming and expensive, and there is also the risk of vendors leaving if they are scrutinised too much. However, it is important for an enterprise to properly vet vendors depending on what kind of information they’ll have access to.

‘Despite the inconveniences of proper vetting, it is crucial for your company’s security; you don’t want to end up contracting fraudulent or even non-existent third parties. Aim to balance out the costs and security considerations,’ she adds.

Copyright Lyonsdown Limited 2021
