Ensuring the security of your own network, and making sure you have systems and processes in place to minimise the risk of cyber attacks, is crucial. But what about your suppliers? If they don’t take the same precautions, they could make your business vulnerable.
Depending on the type of business you operate, you are likely to depend on third parties to provide some of your services, whether that’s manufacturing or shipping your product, or providing website or payment services. If any of them becomes the victim of an attack, it could result in anything from your product being unavailable (and therefore a loss in revenue) to your customers’ data being stolen.
Examples of a supplier security breach
These attacks could come from external bad actors, but they could also come from insider threats within your suppliers. For example, earlier this year a former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of over 100m people in the 2019 Capital One breach. She was able to break into Amazon’s cloud computing systems and, using a custom tool to scan for misconfigured Amazon Web Services (AWS) instances, could steal customer data and plant cryptocurrency mining software in their servers to illegally mint digital funds.
In this instance, not only did the target – Capital One – have to settle a class action lawsuit from victims who had their data stolen, they were also fined $80m for failing to establish appropriate risk management measures.
This was a costly mistake for Capital One – both financially and for their reputation. To make sure your organisation doesn’t find itself in the same position, it’s crucial to consider not only the cybersecurity of your own business, but also the potential risks your third-party service providers might face and how to mitigate them.