In the past several weeks, we have seen the effects of ignoring the risks posed by our third-party vendors. They can quickly put your enterprise in peril, as this story about a third-party provider to the airline industry illustrates. In this case, a back-end database supplier grounded scheduled flights because of a computer outage. And then there is this story about how two third-party providers from Facebook exposed more than 500M records with unsecured online databases. These are just the more notable ones. Hackers are getting cleverer about how and when they attack us, and often our third-party apps and vendors are the soft underbelly of our cybersecurity. Witness the various attacks on point-of-sale vendors, back-end database vendors, payment providers, ecommerce plug-ins and so on. And then there are system failures, such as what happened to the airline databases.
You can read my column on RSA’s blog here on what to do about managing third-party threats.