The Third Party Threat

63% of all data breaches can be attributed to a third party vendor according to a Soha Systems Security survey. Everyone from LinkedIn to the Hard Rock Hotel and Casino have all been hacked exposing their clients data, thanks to a third party vendor.

The measures taken by organizations to protect corporate assets from electronic theft have to consider many avenues of access. Laptops, tablets and mobile phones that are hand carried into organizations everyday – right past the firewall. If these devices become infected off premises, it now becomes the corporate security teams’ responsibility to defend against it. Remote employees coming in via VPN connections must also be monitored. There is the additional issue of guests who need temporary access as well as contractors who need admittance to the Internet and possibly internal resources as well.

If these contagions aren’t gaining access through phishing attacks then there is always the assumption that someone – somewhere walked the infection right through the front door. The belief that malware of one form or another is always on the network is assumed. Currently, in every corporate network in every state, there is a computing device acting as a host for a bot that is waiting for just the right moment to make a move. 

The debacle of third party breaches hit prominence when Target revealed a massive data breach via a 3rd party contractor. According to the contractor, they utilized the remote access to Target’s internal network for electronic billing, contract submission and project management. Once Target was compromised, the hackers were able to access the point of sale machines (I.e. registers) and ultimately were able to get to roughly 40 million debit and credit card accounts. The data was then uploaded to compromised servers on the Internet which helped obfuscate the identity of the perpetrators. It was estimated that Target faced millions of dollars in losses as a result of the breach. 

Since then, the Yahoo breach has been one of the most spectacular incursions exposing more than a billion user accounts. Rather than breaching Yahoo’s servers directly, email addresses and passwords were likely extracted from a third-party database according to Yahoo. “We have no evidence that they were obtained directly from Yahoo’s systems,” the company said. This unfortunate incident has lead to lawsuits and the delay of the acquisition by Verizon.

The Soha Systems Security survey also revealed:

·75% of the IT and security professionals said the risk of a breach from a 3rd party is serious and increasing

·2% of Enterprise IT and Security Managers, Directors and C-Level Execs consider 3rd party access a top priority

·87% of IT professionals report their organization’s use of contractors has increased

·56% of respondents had strong concerns about their ability to control and/or secure their own third party access

The gap between IT priorities and third party access risk is a serious problem that affects all industry segments and it appears to be getting worse. The use of 3rd party contractors is increasing and for some organizations this poses yet another risk to their security posture. 

A data compromise is inevitable for companies wherever it might emanate from.  Therefore an organizations’ ability to respond to an incident is key.  When responding to a cyber event, investigators almost always turn to the system logs and the history of the traffic patterns that occurred during the event. Having clear, historical visibility into traffic on the network is possible when NetFlow and IPFIX data is collected and archived. Since all major router and firewall companies support these flow technologies, they have become the critical tool for traffic analysis when investigating and sleuthing out the most covert insurgencies. Flow information provides a detailed foot print of every network connection leading up to, during and after a data compromise. Many technologies even leverage flow data for behavior monitoring where, end system behaviors are analyzed over time in an effort to uncover abnormal system communications. 

The faster data breaches can be detected and the entry points closed off, the faster damage can be mitigated. By monitoring and archiving all flow connections, companies stand a better chance of tracing malware back to the source.


Leave a Reply