Recent research carried out by Gurucul, a security and fraud analytics provider, has found that 74% of companies are being driven to actively take steps to mitigate security risks posed by third-party vendors following recent breaches.
The study also found that Managed Service Providers (MSPs) are the biggest third-party concern amongst IT security professionals, ahead of systems integrators and developers. Gartner predicts that managed and subscription-based security services will account for half of all cyber-security spending by 2020, which underlines how important it is for companies to act quickly against the security pitfalls of third-party vendors.
As the marketplace grows, cyber attackers are likely to put more and more effort into compromising third-party vendors, making this growing problem a major concern. MSPs, for example, have always been trusted advisers to organisations, managing end-user systems and IT infrastructures, and are increasingly being charged with safeguarding their customers’ IT systems from cyberattacks. However, because they often have a roster of clients, they are a prime target for attackers; once an MSP is cracked, attackers have access to several companies’ data. The actions of any person or entity who can access a company’s most critical systems and applications should be monitored. Any vendor with access to critical systems and sensitive data might be an insider threat, whether malicious or accidental.
“What’s most concerning is how reliant we are on third party vendors and how frequently they seem to be letting us down,” said Nilesh Dherange, CTO of Gurucul. “The fact that companies are having to take proactive steps against what should be a trusted partner is extremely concerning and, with breaches showing no sign of slowing down, it further highlights the dangers they pose for organisations.”
“With insider threats still one of the biggest and most concerning causes of data breaches, organisations need to account for an often-forgotten type of insider threat - third party vendors. Organisations can defend themselves by investing in the latest technologies, including User and Entity Behaviour Analytics (UEBA) solutions and machine learning, which can identify potential insider threat behaviour from within an organisation before it manifests into a breach.”