Over half of organizations have experienced a third-party data breach

Third parties are often trusted implicitly

More than half of businesses (51%) have suffered a data breach that was caused by a third party, a new report has claimed.

New research from the Ponemon Institute and SecureLink claims it’s mostly the victims’ fault, as these organizations fail to take appropriate measures to protect themselves, and often take the “fingers crossed” approach to third-party risk management.

As a result, they’re exposing their networks to both security and non-compliance risks, and it shows: almost half (44%) suffered a breach within the last 12 months. Of that number, three-quarters (74%) said it came after giving too much privileged access to third parties.

Going deeper on what businesses are doing wrong, the report says many are outsourcing critical business processes to third parties without properly assessing their security and privacy practices. Even though many businesses see third-party remote access as a security threat, they’re not prioritizing it.

Third-party attacks

Third-party data breaches can be devastating for the victim, and everyone else involved. Last year, for example, a malicious actor accessed an email account of Canon Business Process Services, General Electric’s (GE) vendor. Through the account, the attackers were able to obtain valuable and sensitive data on GE employees, such as bank account numbers and passport numbers.

SolarWinds was another third party whose software was used to get to dozens of large corporations and US government organizations. In what’s known as one of the most devastating supply-chain attacks in recent history, (allegedly Russian, state-sponsored) malicious actors used stolen Microsoft 365 accounts to compromise SolarWinds’ network and slip malicious code into an upcoming patch for its Orion system.

The patch was later downloaded by more than 33,000 organizations and corporations around the world. The Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, the Treasury, as well as Microsoft, Cisco, Intel, and Deloitte, are just some of the organizations that fell victim to the attack.

Via: VentureBeat

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
