Cybersecurity Insights - April 2024

Hello,

Welcome to the latest cybersecurity insights newsletter.

In this edition, we cover a crucial aspect of information security, third-party vendors. We will explore the most recent cybersecurity developments concerning third-party vendors and outline strategies for mitigating risks associated with supply chain attacks.

Supply chain attacks pose a significant risk as the ultimate target is not the company that has initially been breached, but the customers and partners they work with. By compromising a single service provider, malicious actors could potentially infiltrate hundreds or thousands of organisations, from small businesses to large enterprises.

According to a recent report, 98% of organisations are affiliated with a third-party vendor that has experienced a cybersecurity breach. Additionally, at least 29% of all breaches have third-party attack vectors. This figure is likely higher as many reports fail to disclose specifics on? attack vectors.

Suffice to say, the numbers are not comforting. The rising number of cyber threats and breaches involving third parties are proving that companies need to put more attention towards third party risk management.

Recent headlines have highlighted several breaches to third-party vendors. While your organisation may not directly engage with these vendors, it’s essential to stay informed so that you are ready to take action in the event that you are affected in the future.?

Notable breaches include:?

• Cisco warns of a breach to an unidentified telephony supplier used to send Duo MFA messages. The breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.
• Global chipmaker Nexperia confirmed a significant data breach after hackers accessed some of its systems and potentially stole sensitive information
• The sensitive data of over 7.6 million orders from more than 1,800 Shopify stores, utilising plugins developed by Saara, has been compromised.
• Sisense’s AI-based data analytics services has alerted customers to reset their credentials following a data breach.
• Sustainable technology company Johnson Matthey has suffered a third-party data breach, affecting over 6000 employee records.
• Home Depot confirms data breach of employee data by a third party SaaS vendor.?

As third-party data breaches become more prevalent, it’s essential for organisations to be aware of the potential risks involved. These include compliance, operational and reputational risks which can be mitigated through conducting a third party assessment. This involves evaluating the vendor’s security controls, privacy policies, and data protection practices.

Areas that should be considered when looking to mitigate risk include:

1. Identify your organisations vendors and assess their risks
2. Define your organisation's risk tolerance and vendor management goals, aligning them with strategic objectives and stakeholder expectations
3. Conduct due diligence and monitoring
4. Implement risk mitigation measures, including encryption, access restrictions, data backup and business continuity planning
5. Use reputable third parties with a strong track record for security and compliance.

This month, our team will be exhibiting at the ESG Summit taking place in Croke Park on April 30th.?

Join us there for an opportunity to discover how we can assist in elevating your business with innovative cybersecurity strategies, and solutions tailored to your organisation.

If you can’t make it, book a 20 minute discovery call with our team. By the end of this call you will have a clear understanding of the next steps in securing your organisation from potential? risks and maintain a posture of readiness against the unexpected.