This year’s headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands.
Automakers like Tesla, Toyota, and Volkswagen go to great lengths to keep their technical information confidential. Details about assembly line machinery and proprietary robotics are among the industry’s most closely guarded trade secrets. But the inadvertent exposure of customers’ data illustrates a problem confounding businesses: Some of their biggest security risks come from their suppliers and contractors.
Although there seems to be significant awareness of third-party risk, with 60% of respondents in a recent NTT Security report pointing to third parties as the weakest security link in their organizations, most companies simply aren’t doing enough to assess or mitigate that risk.
BestBuy says it was affected by the 7.ai breach, due to its use of an online customer service software during a 15-day period when that third party firm’s online chat tool was infected with malware.
Security researchers are pinning a recent data breach – that potentially exposed the credit card information of hundreds of thousands of Delta Air Lines and Sears Holdings customers – on weak third-party security policies.