Companies usually defend their systems and networks from external attacks, but what if intruders come from the inside, with legitimate login credentials? The 2016 Vendor Vulnerability Index revealed that 69% of companies interviewed “definitely or possibly suffered a security breach resulting from vendor access”.
We all know how the Target data breach in 2013 got started: attackers got access to a small third-party vendor and used it to get into Target’s network with legitimate logins. And what was the result? Around 110 million customers’ details breached.
It’s a trust-based relationship
92% of companies trust their vendors to such a high degree that only 34% know how many login credentials those vendors have. This outlines a strong trust-based relationship that completely blinds a company to what vendors do on its network, how often they log in (on average 89 vendors log into a company’s network every week) and what information they are free to access.
Vendors’ vulnerability is detrimental to brand reputation
As three quarters of companies are expecting to rely more on third-party vendors in the next couple of years, the problem of vendor vulnerability is becoming an issue of great importance. With the increasing number of cyber attacks targeting organisations of every kind and size, securing the organisation’s boundaries and networks is becoming the number one priority. There a lot at stake, not least being reputation.
Access control and administrative privilege management is the key
The lack of control on third-party vendors can be addressed with an ad hoc access and privilege management process. Access to administrative and key accounts should be restricted to authorised users only (usually IT roles) in order to reduce the likelihood of intrusion or staff account misuse. Furthermore, with a user account management system in place, you will be able to control who can access what, reducing the likelihood of internal data theft.
Cyber Essentials is your ally against cyber crime
Access control and administrative privilege management is one of the five Cyber Essentials security controls required by the Cyber Essentials scheme. When implemented correctly, the five controls could prevent around 80% of cyber attacks and improve business efficiency and productivity.
Discover the business benefits you will gain from a successful implementation of the five Cyber Essentials security controls by downloading this free guide.