You’ve probably never thought about the cyber security of other organizations, like the third party vendors with which your company works. Perhaps the security of your clients, partners, and other business relationships does matter to you, but you trust that they are doing enough. While many organizations do take some precautions to secure their data, including your own, the possibility of a cyber threat or attack occurring and putting these organizations – and by association, your organization – at risk is very real.
I’m sure we all know by now how important cyber security is to any organization, but all it takes is one cyber attack to tarnish a company’s among the business community, and with clients and partners as well. Government agencies and companies that supply critical infrastructure invest heavily in cyber-security, but the third party vendors and contractors working with them may not be as aware of certain threats or be as heavily protected. These groups are prime targets and often used as “stepping stones” for attackers to get to their primary target.
If you fall into the category of third party vendors or contractors you may be at risk of not only an attack, but losing your reputation among your peers and partners if you’re used as a “stepping stone”. It’s also important to know what kinds of data can be at risk and how often. In a recent survey by B2B International it was found that:
- 49% of attacks target internal operating data
- 35% aim for client or customer information
- 22% put their eyes on market or competitive intelligence
- 19% chase intellectual property
To summarize, you have to protect all your data with equal importance as these attacks go after a wide range of information.
Finally, it’s important to know how these attacks are being performed. The exploitation of vulnerabilities within operating systems or applications include some of the most commonly used, such as: Java, MS Office, Adobe Reader of Flash, and Internet Explorer among others. In much the same way malware spreads you can also be infected by simply visiting a compromised website, or from the ever so prevalent phishing scams. It’s also important to mention vulnerabilities now that business takes place all across the globe and connectivity is ubiquitous, with access to company information from mobile phones, laptops, and tablets no matter where they are. This opens a whole new world of vulnerability and subsequent security measures.
While IT departments can’t always “watch” every user, they can implement solid security measures to ensure that their data is as secure as possible – no matter what the user does. It’s important to take the time to assess the data security risks out there, what risks are prevalent to your organization, and how you can mitigate them. This will ensure that your organization is stable and not putting others at risk.