Cybersecurity Insight

Are Third Party Vendors Compromising Your Cyber Security?

25 Jan

The impact of a compromised IT infrastructure extends far beyond an organization’s internal mechanisms and functions. Data breaches and security incidents increasingly put not just individual companies but also entire supply chains at risk. When it comes to cyber security and cyber attacks, the topic of accountability is broached often. Who should be held responsible when an attack occurs? Is it fair to place blame on other parties in the event of a data breach?

Everyone in the supply chain becomes vulnerable if one “link” isn’t secure. From original equipment manufacturers (OEMs) and contract manufacturers to distributors and resellers, it is a mutual responsibility to ensure that the data remains protected, or that significant action is taken when a breach occurs. The problem lies deep within the ‘third party system’: large amounts of data are often transferred within this system, and just because a company takes data security seriously doesn’t mean its third party vendor does the same. Supply chain managers must understand how cyber security problems at their suppliers could affect them, and take steps to mitigate those risks.

A recent report from the New York State Department of Financial Services uncovers interesting findings about third party vendors and security with a focus on the financial industry:

  • less than half of the banks included conduct on-site assessments of their third party vendors
  • 20% require that third party vendors have established at least a minimum level of acceptable security
  • approximately 33% of the banks require their vendor’s subcontractors have security protocols similar to their own

It’s your duty to ensure third party vendors follow the same security precautions that your company does; if that doesn’t come to fruition, consider looking elsewhere. Also, by screening vendors prior to signing them, your company has plausible deniability: “We did everything we could to keep the data secure.” Knowledge of the vendor’s attack potential, who has access to the data, and the ins and outs of their business will help determine whether or not they are the right fit for your company.

Even if you don’t have a legal duty to your customers or clients, you have a moral one. A good, trustworthy organization, such as Neovera, will go above and beyond for its customers when trying to secure their data. Working with our clients from start to finish, Neovera is able to both manage and monitor critical infrastructure while taking on the added pressure of providing 24x7x365 data security. Neovera clients receive a variety of hosting options that are tailored to fit their needs, providing peace of mind in knowing that their cyberspace is secure and allowing them the freedom to focus on their business.