Organizations rely on more vendors and suppliers than ever before, and many of these third-party relationships involve data sharing and/or IT system access. This creates an intricate web of exposures, vulnerabilities and risks that can be difficult for organizations to understand and manage. The number of third-party data breaches so far in 2022 attests to that.
Let’s consider the risks. Lack of governance over third-party relationships can lead to:
In this post, I will review a few especially damaging third-party data breaches that have already happened this year. I’ll also share five techniques for reducing your third-party attack surface.
So far in 2022, we’ve seen a range of third-party breaches and incidents targeting manufacturing, schools, and healthcare-related services. Here are three of the most notable events:
In February 2022, Toyota shut down operations in Japan after a major plastic supplier, Kojima Industries, suffered a data breach. Kojima had remote access to Toyota manufacturing plants, greatly increasing Toyota’s risk. As a result of the temporary shutdown, Toyota suffered financial and operational losses.
Between 800,000 and 5 million student records were compromised at Illuminate, with many delays noted in the detection and reporting of the breach.
Healthcare company Highmark suffered a breach after its partner Quantum Group was hit by a ransomware attack. Up to 657 healthcare entities were affected by this compromise.
It's critical that we start expanding our risk assessment and remediation models to better account for third-party organizations, many of which may not have adequate security controls in place. Even though it might feel like you have little control over the security practices of your vendors and suppliers, there’s still a lot you can do to better prepare for and detect third-party breaches and risks.
Here are a few techniques you can employ right now:
Want to learn more? Be sure to watch the on-demand version of my webinar, The Top 5 Biggest Third-Party Data Breaches of 2022 … and How They Could Have Been Prevented.
During the webinar, I dig into the following topics:
Don’t get caught flat-footed. Evaluate your third-party assessment and monitoring strategies today!