SpyCloud launched Tuesday their new Third Party Insight solution to help companies understand risk and remediate exposures to the potential threat of account takeover emanating from supply chain vendors. Businesses can use this tool to evaluate risks presented by vendors, partners or acquisition targets based on several factors that stem from the threat of account takeovers.
Third Party Insight provides SpyCloud customers with a risk ranking (specific to the threat of account takeover) for each third party they work with, plus specific data on executive credentials, potentially infected employees, and the rate of password reuse across exposed data.
Companies can share this data with partners for free and work with them to remediate exposures, reducing the risk of a breach due to account takeovers in their supply chain.
Some of the most infamous data breaches occurred after the compromise of a third-party account. Memorably, Target's systems were reportedly compromised in 2013 after an HVAC vendor's credentials were used to access Target's web services for vendors, eventually leading to the propagation of credit card-stealing malware on point of sale systems.
More recently in March 2019, Citrix, which provides virtual private network services to most of the Fortune 1000, fell victim to a breach that emanated from an account takeover attack. Criminals had access to emails, project files, employee information and more over a six-month period before the breach was detected.
"Your employees are open doors to your network, your data and your intellectual property, but your third-party relationships extend that attack surface even further," explained David Endler, chief product officer and co-founder of SpyCloud. "Our new Third Party Insight solution gives businesses a way to evaluate supply chain risks and work cooperatively with their vendors to mitigate them, in turn strengthening their overall security posture while building goodwill with key partners and suppliers."
"In addition to helping assess how vendors and partners may increase your attack surface, Third Party Insight can also help you understand exposures you may inherit through mergers and acquisitions," said Ted Ross, CEO and co-founder of SpyCloud. "When news of an acquisition leaks to the press, the parties involved become ideal targets for criminals. We can now proactively improve the security posture of these parties ahead of these events."
No comments:
Post a Comment