Article Details
Scrape Timestamp (UTC): 2024-05-07 14:02:25.718
Source: https://www.bleepingcomputer.com/news/security/how-to-mitigate-the-impact-of-third-party-breaches/
Original Article Text
How to Mitigate the Impact of Third-Party Breaches

Modern organizations are deeply interconnected, with a complex web of relationships and dependencies. The flow of data is a critical aspect of this interconnectedness, as organizations rely on data to drive decision-making, collaborate with partners, engage with customers, and optimize operations. It’s estimated that the global volume of data created, consumed, and stored in 2024 will reach 147 zettabytes – a figure so big that it’s hard to conceptualize.

Despite the obvious advantages of sharing data, this means organizations are connected in terms of risk too. The interconnected nature of organizations and flow of data creates a dynamic ecosystem where disruptions or breaches in one part of the network can have ripple effects throughout the entire system. Even if your own house is in order, a breach elsewhere can still impact the security, privacy, and integrity of your data.

So, what can you do about another organization, perhaps on the other side of the world, suffering a data breach? The impact of third-party breaches shouldn’t be underestimated but there are practical ways to greatly reduce your risk.

Impacts of a third-party breach

In a third-party breach scenario, the initial breach occurs not within your organization's own network, but within the network or system of a third-party entity that your organization has a business relationship with. A hacker then uses this initial breach as a platform to gain further unauthorized access to the sensitive data or systems of other organizations in their supply chain.

For example, let’s say a financial institution partners with a software provider to handle their customer data. A third-party breach could occur if the software provider's network was compromised by hackers, exposing the customer data of the financial institution. This is just one example and there are several ways a supply chain breach could occur.
Impacts of a third-party breach can include:

The SolarWinds hack

SolarWinds is a software company that provides IT management and monitoring solutions. In probably the most infamous recent example of a third-party breach, hackers gained unauthorized access to SolarWinds’ systems, with major knock-on effects. The hackers inserted malicious code into SolarWinds' software updates, which were then distributed to SolarWinds' customers, including numerous government agencies and organizations worldwide. As a result, the hackers were able to infiltrate the networks of many of these customers, compromising their systems and gaining access to sensitive data.

The SolarWinds hack highlighted the risks associated with third-party vendors and the potential for supply chain attacks, where attackers target a trusted vendor to gain access to multiple organizations across its global supply chain.

The role of compromised passwords in third-party breaches

Passwords play a significant role in third-party breaches. One serious and often overlooked issue is password reuse. Many individuals reuse passwords across multiple accounts, including their personal and professional accounts. If a third-party vendor experiences a data breach and user credentials (including passwords) are compromised, hackers can use those credentials to gain unauthorized access to other accounts where the same password is used. This significantly increases the impact of a third-party breach.

Hackers often use automated tools to test compromised credentials from one breach against multiple online services. This technique, known as credential stuffing, relies on the fact that many people reuse passwords across different accounts. If a user's credentials from a breached third-party vendor are successfully used to gain access to other accounts, it can lead to unauthorized access, data theft, and potential financial loss.
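
Added example, not part of the original article: a detector that separates the credential stuffing pattern described above (one source trying many accounts once or twice each) from single-account password guessing, and lists accounts that need a forced reset. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format (hypothetical): "<timestamp> src=<ip> user=<name> result=OK|FAIL"
LINE_RE = re.compile(r"src=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)")

def build_sample_log():
    """Return constructed sample lines; addresses are documentation ranges."""
    lines = []
    # One try each against eight accounts: replayed breached username/password pairs.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]):
        result = "OK" if user == "erin" else "FAIL"  # erin reused a breached password
        lines.append(f"2024-05-07T10:00:{i:02d}Z src=203.0.113.7 user={user} result={result}")
    # Twelve guesses against one account: password guessing, not stuffing.
    for i in range(12):
        lines.append(f"2024-05-07T10:01:{i:02d}Z src=198.51.100.9 user=admin result=FAIL")
    # An ordinary user who mistypes once, plus a line that does not parse.
    lines.append("2024-05-07T10:02:00Z src=192.0.2.44 user=ivan result=FAIL")
    lines.append("2024-05-07T10:02:05Z src=192.0.2.44 user=ivan result=OK")
    lines.append("service restarted")
    return lines

def classify_sources(lines, min_users=5, max_tries_per_user=2.0, min_fail_ratio=0.8):
    """Label each source IP and list accounts it logged in to if it was flagged."""
    attempts = defaultdict(lambda: defaultdict(list))  # ip -> user -> [results]
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # lines outside the assumed format are skipped
            attempts[m["ip"]][m["user"]].append(m["result"])
    findings = {}
    for ip, per_user in attempts.items():
        results = [r for tries in per_user.values() for r in tries]
        fail_ratio = results.count("FAIL") / len(results)
        tries_per_user = len(results) / len(per_user)
        noisy = fail_ratio >= min_fail_ratio
        if noisy and len(per_user) >= min_users and tries_per_user <= max_tries_per_user:
            label = "credential_stuffing"  # many accounts, few tries each
        elif noisy and tries_per_user > max_tries_per_user:
            label = "brute_force"  # few accounts, many tries each
        else:
            label = "normal"
        # A success from a flagged source means that account's password is known to the attacker.
        reset = sorted(u for u, t in per_user.items() if "OK" in t) if label != "normal" else []
        findings[ip] = {"label": label, "accounts_to_reset": reset}
    return findings

if __name__ == "__main__":
    for ip, finding in classify_sources(build_sample_log()).items():
        print(ip, finding)
```

The single successful login from the flagged source is the case that matters most: it marks an account whose reused password appears in someone else's breach.
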
A tool such as Specops Password Policy allows you to continuously monitor your Active Directory for passwords that have been compromised elsewhere. Our database includes over 4 billion unique passwords from real-time attack monitoring systems that monitor live brute force attacks, plus malware-stolen data from our human-led Threat Intelligence team.

Understand and manage your attack surface

External Attack Surface Management (EASM) can play a crucial role in helping organizations prevent and mitigate the impact of third-party breaches. EASM solutions can scan and identify all internet-facing assets connected to an organization, including those associated with third-party vendors. If the third-party vendors are hosting services (like an EASM customer's domain and the website on it) then scanning it would be the same as if the domain was 100% owned by the EASM customer.

Having this visibility allows organizations to understand the true extent of their attack surface and identify potential vulnerabilities or weak points introduced by third-party vendors. This helps in a few practical ways:

Want a better understanding of your own attack surface, including third-party risks? Request a free attack surface analysis from Outpost24 – we’ll map your current situation.

Sponsored and written by Outpost24.
Daily Brief Summary
Modern organizations are highly interconnected, increasing the risk of third-party data breaches.
The global data volume is expected to reach 147 zettabytes by 2024, emphasizing the scale and impact of potential breaches.
Third-party breaches happen when an entity within a network is compromised, potentially affecting associated organizations.
Examples include the SolarWinds incident where hackers infiltrated multiple networks via compromised software updates.
Password reuse significantly exacerbates third-party breach impacts, with credential stuffing attacks exploiting this vulnerability.
External Attack Surface Management (EASM) tools are vital for identifying and mitigating vulnerabilities in an organization’s network and its third parties.
Continuous monitoring of potentially compromised credentials and regular attack surface assessments are recommended to minimize risks.