Are vendors exposing your company's data and credentials?
Third-party vendors make your organization more vulnerable to cyber attacks. A study shows that nearly 60% of the companies surveyed experienced data breaches due to their third-party vendors.
What are third-party vendor risks?
Now more than ever, businesses rely on external agencies for products and services to sustain operations, thereby granting them access to the company’s systems and data. The security of such data is only as strong as the vendor’s security policies and practices. Third-party data leaks may even result from corporate espionage.
What is the reason for increased third-party risks?
While third-party vendors help increase efficiency and reduce costs, they also serve as entry points for threat actors. Vetting your vendors and performing periodic assessments are a good start, but they fall short when it comes to fourth-party vendors and continuous monitoring, giving ample scope for threat actors to target your company.
63% of cyber attacks traced back to third-party vendors
Soha Systems’ study in 2018 indicated that 63% of all cyber attacks could be traced back to third parties, either directly or indirectly. Considering the rapid growth of the vendor landscape, we can only assume that these numbers are lower than what they must be today.
What data are you putting at risk through vendors?
Trusting third-party vendors with sensitive data, API addresses, and source code, without centralized control over them, may cause your data to end up on public repositories.
If you do not maintain comprehensive inventories of your vendors, chances are their unsecured networks could facilitate credential theft that could result in extensive infiltration of your organization.
Confidential data shared with third-party vendors could be left unsecured, allowing threat actors to exfiltrate sensitive information pertaining to your organization and sell it on the dark web.
How can CloudSEK help?
CloudSEK’s ‘XVigil’ is an AI-powered SaaS-based platform that provides specific, actionable, and timely warnings that help you intervene and take swift action, thus preventing costly breaches and losses.
By deploying comprehensive security scans and monitors, XVigil gives you unified supervision of credential disclosures and data leaks across the surface web, deep web, and dark web.
COVID-related Threat Intelligence
CloudSEK researchers are tracking and monitoring the latest COVID-themed cyber threats across the world. For the latest updates, follow our Threat Intelligence feed.
Gamaredon drops emails with malicious attachments that inject malicious macro code, and evades detection. Some of these emails use COVID-19 lures as well.
A campaign that has been active since January 2018 recently released 71 apps that carried malware, taking advantage of the panic caused by the pandemic.
Internal ticketing tool Atlassian JIRA’s unsecured service desks were publicly exposed, allowing attackers to raise internal tickets for multiple departments.