February 15, 2021 // Derek Jones
Last Updated: June 22, 2021
News broke recently that a water plant in Florida, which provides water to businesses and around 15,000 residents, was breached by a hacker. The hacker increased the amount of sodium hydroxide in the water treatment system to more than 10,000% of the normal ratio. To you and me, that might not seem that bad, beyond knowing that 10,000% more of anything probably isn’t good. To add more context, sodium hydroxide is an extremely corrosive substance used in water treatment facilities to control water acidity, remove heavy metals, and disinfect, but if there’s too much, it can cause near-fatal damage to anything or anyone it comes in contact with. Luckily, an employee at the plant saw the increase and reversed it, so that it would have minimal effect.
The question is, what if the employee hadn’t noticed it as quickly? Incidents like this are happening more and more because of the out-of-date practices that are in place to control vendor access within company and government systems.
I’m new to the cybersecurity space but knew that this industry was going to be the future. The cool thing about technology, no matter what type we’re talking about, is that things continue to shift and move with the times. We used to listen to music on cassettes, while today we listen to music on an app built into our phones. Similarly, when I wanted to shift my career to the cybersecurity industry, I wanted to make sure that I was able to find a company that continually updated its product to match the new threats happening in the world. Prior to my entering the cybersecurity world, a situation like this (where the water could literally be poisoned) would have seemed like the plot of a blockbuster movie. But this is a real-life problem, as hackers and bad actors continue to find new ways to infiltrate water systems, hospital networks, and everything in between.
There’s a saying in our business: “you’re only as safe as your least secure vendor.” With the average cost of a single data breach at $3.86 million, companies are scrambling to figure out how to keep their clients, patients, employees, and other sensitive information safe from hackers. Fortunately, there are ways to prevent being a victim and having your organization make headlines for all the wrong reasons.
The right secure remote access platform is the best place for your company to start if you’re allowing vendors, contractors, or other third parties to access your network, because it’s well known that third-party access is the route hackers use most. Implementing the right platform allows the customer to efficiently identify who has access to their data, control when they can connect and where they can go once they’re in, and capture an audit of everything they do along the way. In other words, you won’t have to choose between security and efficiency; you can have both.
We have certain safeguards and considerations when it comes to our personal lives, so why should they be different in our professional lives? We decide who we give access to our home and gatherings by only giving keys and invitations to those we trust. You wouldn’t give a house key to someone you randomly met, would you? The same goes for vendors and their vendor reps: you shouldn’t grant them access haphazardly. Give them the access they need, nothing more and nothing less.
If airports, hotels, and arenas have these basic measures in place, why wouldn’t a company or state or local government want to? With the amount of sensitive information on their systems, including credit cards, social security numbers, critical machines, and more, making sure the vendor access system is secure seems like the best insurance and ROI they could have. Especially when you remember that over 60% of data breaches are due to a third-party vendor.
Consider a few other stories from recent breaches: in Las Vegas, a hacker released information on students because officials refused to pay the ransom; in Kentucky, employees’ health information was hit in two data breaches; and the City of San Angelo cut ties with one of its vendors because the vendor was tied to a water billing security breach.
No organization or industry is immune to attacks like these. It only takes one to ruin the trust that customers, patients, and citizens place in an organization, and it reflects even worse on the internal teams managing those systems. Cybersecurity is the future, and third-party vendor access management ensures that you’re covered against these attacks. To learn more about the importance of implementing a well-rounded cybersecurity plan that includes allowing vendors to connect to your network securely, download our interactive checklist that helps you identify if you’re vulnerable to a data breach or hack that’s related to a third party.