Who’s Really at Fault? Third-Party Data Breaches: A Lesson in Accountability and the Role of ZortrexCube in Securing Critical Data

Who’s Really at Fault? Third-Party Data Breaches: A Lesson in Accountability and the Role of ZortrexCube in Securing Critical Data

Written by: Susan Brown - Founder & CEO Zortrex

In an age where data breaches seem to make headlines every week, one question lingers: Who’s responsible when a company experiences a breach via a third-party service? Recent news about Fortinet’s data breach raises a familiar debate about whether it’s the fault of the third-party vendor or the company that trusted them with critical information.

Fortinet, a cybersecurity giant, revealed that an unauthorised party accessed 440GB of sensitive files from their Microsoft Sharepoint server, which was stored on a third-party cloud platform. The hacker, calling themselves "Fortibitch," mocked Fortinet’s acquisition of leading cloud security and data loss prevention (DLP) companies, only to expose their vulnerability. Despite Fortinet's efforts to downplay the incident, the event highlights the growing complexity of cybersecurity in a landscape dependent on third-party services.

But who bears the responsibility in such breaches? Is it the third-party provider, or is it the company that trusted them?

Fortinet discloses a data breach

The Convenience of Third-Party Services Comes at a Cost:

Large organisations increasingly rely on third-party services for operational efficiency and scalability. In the case of Fortinet, they used a cloud-based file sharing service to store sensitive data. These services provide convenience, allowing companies to manage vast amounts of data without the infrastructure overhead. However, with that convenience comes significant security risks.

Third-party providers are often chosen based on the services they offer, but sometimes security measures are overlooked. Even though companies like Fortinet invest in high-level cybersecurity solutions, such as Data Loss Prevention and cloud security firms, the ultimate responsibility for data security doesn’t disappear once the data is outsourced. It’s critical to recognise that outsourcing the storage of data doesn’t outsource the liability if it’s breached.

Where Does Accountability Lie?

The breach at Fortinet reveals a deeper issue within the industry: corporate responsibility over third-party service providers. It’s easy for companies to point fingers at their service providers when breaches occur. However, the reality is that organisations retain ownership of their data and are ultimately accountable for its security.

Companies must ensure that the third-party services they partner with maintain the same level of vigilance and security standards. This includes continuous monitoring, auditing third-party platforms, and integrating advanced security solutions that can protect sensitive data even when stored offsite.

Why ZortrexCube Provides True Data Security:

This is where ZortrexCube changes the game. ZortrexCube tokenisation technology offers a layer of protection that secures data at the source, ensuring that even if data is accessed by unauthorised parties, it is rendered useless.

Unlike traditional encryption, ZortrexCube uses non-mathematically linked, randomised tokens that cannot be reversed back to the original data. This means that even if a third-party service is breached, the sensitive data remains secure. Fortinet’s reliance on third-party services for convenience could have been mitigated by using tokenisation, ensuring that the liability didn’t just shift to the cloud provider, but that the data itself remained protected.

Tokenisation offers quantum-resilient security, ensuring that data breaches of this magnitude become inconsequential. ZortrexCube takes the responsibility back into the hands of the organisation, where it belongs, providing them with full control over their data regardless of where it's stored.

Fortinet and Lessons Learned:

Fortinet’s incident should serve as a wake-up call to companies across industries. It highlights the need for organisations to take ownership of their data security, regardless of which third-party platforms they choose to partner with. By incorporating ZortrexCube tokenisation technology, companies can ensure that their data is always protected, even when vulnerabilities emerge from external sources.

Ultimately, the fault doesn’t lie solely with the third-party provider. Big companies like Fortinet must ensure that data security protocols extend beyond their internal infrastructure. Tokenisation and next-gen solutions like ZortrexCube are critical for future-proofing data security in a world where breaches are inevitable.

Conclusion:

The rise in third-party data breaches highlights a systemic issue in cybersecurity: the failure to secure critical data at its source. Companies must stop relying solely on third-party services and invest in technologies that can protect their data in any environment. ZortrexCube provides the security organisations need to ensure their data is protected — no matter where it is stored.

Susan Brown

CEO at Zortrex - Leading Data Security Innovator | Championing Advanced Tokenisation Solutions at Zortrex Protecting Cloud Data with Cutting-Edge AI Technology

1 周

"To-date there is no indication that this incident has resulted in malicious activity affecting any customers. Fortinet’s operations, products, and services have not been impacted.” the spokesman added". This highlights that Fortinet did not know until the hacker posted. :-(

回复
Andrew Puch ??????????

Enterprise System Architect?? ??/ IT Consultant / lean / agile/ ScrumMaster at Independent Consulting / Mentor / Mentee / #tribeOfMetors / #purpleSquirrel ???

1 周

Amazing insight as always Susan Brown on #fortinet #data #breach #fortinet24

要查看或添加评论,请登录

社区洞察

其他会员也浏览了