This week’s announcement by Okta that an attacker gained access to its internal systems is the latest reminder that organizations must maintain an up-to-date view of the technologies used by their third parties and supply chain partners. Without such a view, a company is left exposed if one of its vendors is among the 2.5% of Okta customers impacted by the Lapsus$ breach. Worse, if this breach is wider than Okta has acknowledged, it could impact more than 15,000 customers and put millions of end users at risk of compromise.
Determining your organization’s exposure starts with an understanding of which third-party vendors and suppliers use the Okta solution, continues with an impact assessment and remediation steps, and relies on continuous monitoring of third parties for validation. Start by answering these four questions.
All third parties represent some level of risk to your enterprise, but unmanaged, rogue vendor usage is even riskier when no proper security evaluation has been performed. After all, you can’t manage what you can’t see. Inventory your vendors in a centralized platform – not spreadsheets – so that multiple internal teams can participate in vendor management and the process can be automated for everyone’s benefit. Then conduct inherent risk scoring to determine how to assess each supplier on an ongoing basis according to the risk it poses to your business.
As part of the inventorying process, build a comprehensive profile for every vendor that includes industry and business insights, demographics, 4th-party technology relationships, and other important information. Recording the 4th-party technologies deployed across your supplier ecosystem lets you identify which third parties connect your organization to Okta, visualize the resulting attack paths into your enterprise, and take proactive mitigation steps.
Proactively engage impacted vendors with simple, targeted assessments that align with known industry supply chain security standards such as NIST 800-161 and ISO 27036. Results from these assessments help you target the remediations needed to close potential security gaps. Good solutions provide built-in recommendations that speed up remediation and close those gaps more quickly.
Centrally managing vendors, understanding concentration risk, and being more proactive about assessing vendor business resilience plans are a great start. However, you have to stay continuously vigilant for the next attack. That’s why you should look for signals of an impending security incident by monitoring the Internet and dark web for cyber threats to, and vulnerabilities in, your vendors.
Monitoring criminal forums, onion pages, dark web special-access forums, threat feeds, paste sites for leaked credentials, security communities, code repositories, and vulnerability and hack/breach databases is essential. You can monitor these sources individually, or you can look for solutions that unify all the insights into a single view, so that all risks are centralized and visible to the enterprise.
8 Steps to a Third-Party Incident Response Plan
When one of your critical vendors is breached, being ready with a prescriptive incident response plan is essential to preventing your company from becoming the next victim.
The wrong time to test your third-party incident response plan is when a potentially significant breach is already underway. Delays between a vendor incident and your own risk identification, analysis, and mitigation leave your organization exposed to operational disruption. Prevalent can help.
The Prevalent Third-Party Incident Response Service enables you to rapidly identify and mitigate the impact of vendor cyber-security incidents by centrally managing vendors and enabling you to automate event assessments, score identified risks, and access remediation guidance.
Don’t get caught flat-footed by a third-party cyber-attack you know is coming. Schedule a demo to learn more.