Following last week’s revelations about Play.com’s customer data being compromised – as a result of a supplier falling victim to a cyberattack – the UK based Co-operative has admitted that a third-party vendor posted information online about 83,000 of its customers.
These latest data breaches highlight the importance that an organisation must place on its own information security and, if service providers are going to have access to data, then it is essential they are subject to at least the same level of security as the company procuring their services.
Cybercriminals widen their net
It’s early days, but it seems that cybercriminals are widening their net to include the suppliers and third-party vendors of larger brands, the type of suppliers that handle a lot of customer data and e-mail addresses. This shift in focus could be down to hackers in search of low hanging fruit, or because cybercriminals know that genuine subscriber details are much more useful for creating third generation phishing attacks designed to lure consumers to malware-infected sites.
Brands suffer at their suppliers’ expense
The Play.com data breach was the result of its e-mail service provider, Silverpop, being attacked and that provider’s security arrangements not being fit for purpose. Because it was Play.com’s customer data that was compromised, Play.com has received more negative press than Silverpop, and the brand’s reputation will suffer as a result. In the case of the UK based Co-operative, the third-party vendor responsible for causing the data breach hasn’t even been named!
Avoid reputation and brand damage caused by third-party suppliers
Comply with the Data Protection Act
A security breach, such as that experienced by Play.com and the Co-operative, may, in some organisations, also reflect an underlying failure to comply with the DPA.
For cost-effective do-it-yourself DPA compliance, you should buy the Complete Data Protection Toolkit. If you are quick, and purchase today (31 March 2011), we’ll send you our essential best-practice report Data breaches: Trends, costs and best practices absolutely free!
Implement ISO 27001 – international best practice for information security
Accredited Certification to ISO 27001 gives an organisation internationally recognised and accepted proof that its system for managing information security – its ISMS or cybersecurity readiness – is of an acceptable, independently audited and verified standard.