Think your organization is safe if it minds its own security?
You’ve also got to worry about security at all those companies you associate with, from suppliers and consulting firms to PR agencies, systems integrators, event planners and even heating and cooling vendors.
So Convenient, So Risky
“While companies have always exchanged information with business partners, they increasingly do so via cloud services,” said Kamal Shah, vice president of products and marketing for Skyhigh Networks, a cloud security and enablement company.
While the cloud makes sharing more convenient, it can also bring big risks.
“Security of any enterprise is only as strong as its weakest link. And recent breaches have shown that partners are often the weakest link,” said Sekhar Sarukkai, co-founder and vice president of engineering at Skyhigh.
Enterprises need to understand the security risks of their business partners so they can take the necessary steps to protect themselves, he said.
In the sixth edition of Skyhigh's quarterly Cloud Adoption and Risk Report, the company focused on third-party risks. The topic is especially relevant in light of recent high-profile breaches, dating back to the 2013 data breach at Target.
While many companies have scrambled to prevent internal threats, fewer are taking adequate precautions against risks outside the organization, Skyhigh indicated.
By analyzing cloud use by some 17 million employees, Skyhigh found a substantial number of potential risks for the average company that uses cloud services to connect with outside partners.
The average large company has 1,555 partners, according to Skyhigh. “It makes sense when you consider how many vendors and outside companies are involved in the day-to-day functions of a large enterprise,” said Shah.
Some of these partners pose higher risks than others. “We assessed thousands of partners and found 8 percent present a high risk from a cyber-security standpoint. But the surprising fact was that 29 percent of the data shared with partners is shared with these high-risk partners,” he added.
How to Respond
There are steps you can take to protect your organization, Shah said, noting, “Our findings show that companies need to perform due diligence before allowing trusted digital connections to business partners.”
Hackers may be looking to exploit your vulnerabilities. “As recent breaches have shown us, attackers are increasingly finding the weakest link in your trusted partners.”
To stay safe:
- Assess business partners regularly and look for risks
- Use only secure, corporate-approved cloud services to connect with business partners
- Enforce the use of strong, unique passwords for all business partners
- Rotate passwords every 90 days
- Give business partners the minimum level of access required
- Monitor connections for signs of compromise
- Look for red flags, such as high access or large volumes of data being pulled from or put into the system