
Rapid7 and Canada Post Supply Chain Breaches Reiterate the Need for Nth-Party Consideration

Recent, high-profile security incidents highlight the need for all organizations to assess supply chain risk.
Alastair Parr
Senior Vice President, Global Products & Services
May 28, 2021

Rapid7 recently disclosed that some of its customers may have been affected by a cyberattack against Codecov, a third-party provider of code coverage solutions. The Codecov breach occurred on or around January 31, 2021 and was made public on April 15, 2021.

While Rapid7 is just one of hundreds of Codecov clients potentially affected by the security breach, they stand out as a high-profile security technology provider. As such, they are a prime target for malicious actors attempting to compromise customer assets. While Rapid7 may have internally robust controls and response processes, this breach highlights how even the most stringent organizations can be prone to exploitation within their supply chains.

The Prevalent Third-Party Risk Management Platform includes an impact discovery assessment that our customers can leverage to identify vendors and suppliers that use Rapid7 solutions and may have been detrimentally impacted by this incident.

In related news, Canada Post also announced a third-party breach this past week. The incident, which exposed data on 950,000 customers, was traced to a malware attack on electronic data interchange supplier Commport.

All too often, we assume that large, respected organizations are wholly in control of their operations and services. The fact is, just about all companies rely on third parties to produce and deliver their products and services. In turn, the third parties usually outsource to fourth parties – and many business relationships further extend to seemingly countless levels of Nth parties. As a result, data breaches and other security incidents deep in the supply chain can have a ripple effect that ultimately impacts the final consumer.

While absolute assurance is not possible when it comes to supply chain security, these cases demonstrate the importance of regularly conducting vendor risk assessments, mapping vendor Nth-party relationships, and pursuing continuous third-party monitoring. These activities enable organizations to quickly identify supply chain incidents, understand their potential exposure, get the information they need to remediate the risk, and effectively communicate with their customers and other stakeholders.

Prevalent offers solutions and services that can help you gain visibility into your organization’s third-, fourth- and Nth-party risks. Contact us to see if Prevalent is a fit for you.


Alastair Parr is responsible for ensuring that the demands of the market space are considered and applied innovatively within the Prevalent portfolio. He joined Prevalent from 3GRC, where he served as one of the founders, and was responsible for and instrumental in defining products and services. He comes from a governance, risk and compliance background; developing and driving solutions to the ever-complex risk management space. He brings over 15 years’ experience in product management, consultancy and operations deliverables.

Earlier in his career, he served as the Operations Director for a global managed service provider, InteliSecure, where he was responsible for overseeing effective data protection and risk management programs for clients. Alastair holds a university degree in Politics and International Relations, as well as several information security certifications.
