decrypting myths
How to safeguard your organisation from attacks via third-party vendors
As more attackers use third-party
sources as a way to
enter organisations’ critical
networks, security teams must
stay one step ahead. Morey
Haber, Chief Technology
Officer and Chief Information
Security Officer, BeyondTrust,
offers seven recommendations
that organisations can follow
to exert better control over
third-party vendor network
connections and secure
remote access.
Realising that most large organisations
today have sophisticated security defences,
bad actors are
beginning to target third-party vendors
as a means to gain access to an
enterprise’s network.
In fact, in 2018, over 11 significant
breaches were caused by exploitation
of third-party vendors. According
to Carbon Black’s 2019 Global Incident
Response Threat Report, 50% of today’s
attacks leverage what the report calls
‘island hopping’, where attackers are not only
after an enterprise’s network but all
those along the supply chain as well.
IT admins, insiders and third-party
vendors need privileged access to
perform their roles but this shouldn’t
mean ceding control of the IT
environment to them.
www.intelligentciso.com | Issue 15
Organisations typically allow vendors
to access their networks to perform a
variety of different functions. However,
this privileged access should be secured
to the same (or higher) extent as the
organisation’s internal privileged users.
Neglecting to do so will create a weak
spot in your organisation’s security that
is ripe for exploitation.
Because organisations typically use IT
products and software solutions from a
variety of vendors, IT is tasked with the
enormous burden of having to secure
remote access for these vendors so
that they may provide maintenance and
troubleshooting for their products.
As a consequence, organisations are
faced with the dilemma of having to
provide the needed access while also
guarding against malware and bad actors
entering through third-party connections.
Given that third-party vendors are an
integral part of most organisations’
ecosystem – something that isn’t going
to change anytime soon – there are
seven steps you can take to exert better
control over third-party vendor network
connections and secure remote access.