March 14, 2016//Ellen NeveuxLast Updated: July 23, 2021
New reports flag the high risk of data breach through third-party vendors.
Service providers in the digital security industry are positioned to offer insight into current and emerging threats to data and brand safety. Two reports, one from an insurance provider, and the other from a digital security company, point to continued risk from the insecure electronic networks of outsourced service providers.
Across industry, outsourcing offers tremendous opportunity for businesses to access specialized skills, gain service, and reduce costs. As we discussed earlier, even organizations with robust network security can easily fall victim to supply chain hacks on a third party vendor.
In March, specialty insurer Beazley released its annual data breach response report for 2016. Detailing incidents that occurred in 2014 and 2015, the report offers insights that include:
146 days to discover a breach
Mandiant Consulting is a digital security consulting arm of the FireEye Company. The company notes the average length of time from when their incident clients are breached, to when the breach is discovered or reported, is approximately 146 days. While Mandiant notes the number of days have declined since 2014, time remains on the side of threat actors who exfiltrate data, damage network systems, and injure brand reputation.
In a recent report, Mandiant identified abuse of outsourced service providers (OSPs) as a “trend turned constant.” Based on their own incident reports, Mandiant noted they “continued to observe advanced attack groups leveraging outsourced service providers to intrude onto the networks of our customers.”
Some key points made by Mandiant include:
Whether from core or non-core services, or access gained through the Internet of Things, the risk of third-party network breach continues to increase. The SecureLink platform provides effective controls in highly secure and regulated industries.
When your vendor network must be secure — speak with our team.