Third Party Risk
Third party risk is the potential threat to an organization’s employee and customer data, financial information and operations from its supply chain and other outside parties that provide products and/or services and have access to privileged systems. This is especially significant because these outside parties often do not have the same security standards and protections and, as a result, are used as a conduit into the organization.
Managing this risk is a crucial component to protecting companies’ data and must be a continuous, real-time process that includes review, monitoring, and management of vendors throughout the entirety of the relationship.
Companies should be wary of third party risk and have management processes in place not only for vendors, contractors, customers, and joint ventures, but also for counterparties and fourth parties.
Third Party Risk Influence
Organizations rely heavily on third party vendors, contractors, and partners to help meet customer demands and maintain daily operations. Unfortunately, these contractual partnerships also come with critical cybersecurity risks that companies should continually be working to mitigate.
Cybercriminals have become extremely sophisticated and targeted in attacking organizations and their users, often working to identify the weak links that will give them access to privileged and highly confidential data such as financials, customer data or intellectual property. Organizations are frequently breached through security weaknesses introduced by third parties that hold sensitive information or have been granted access to systems or intellectual property.
Types of cybersecurity attacks that often occur as the result of third party risk include:
- Intellectual Property (IP) Theft
- Credential Theft
- Spear Phishing
- Data Exfiltration
- Network Intrusion
- Fileless Malware
Conducting Third Party Risk Screenings, Onboarding & Due Diligence
Companies should begin with the basics, strategize around their specific situations and then act tactically over time to ensure they are properly mitigating third party risk. Identifying trained and experienced individuals, with the certifications and skill sets to pivot quickly toward managing and maintaining a third party risk management (TPRM) policy, is a significant step toward this.
Effective TPRM programs begin with thorough screenings that provide a comprehensive understanding of vendors and help companies better choose who to allow access to their networks.
Throughout the onboarding process, as well as on an ongoing basis, organizations must classify third (and fourth) parties into risk assessment categories including location, financial, legal and regulatory, information security, availability, and resiliency. They should also evaluate the product types involved, including on-premise software/hardware, cloud software/hardware, hybrid, mobile applications, and consultancy. These asset audits are the backbone of a successful TPRM program, as they capture the information, contracts and documents needed to determine the level of risk posed by each facet of the third party relationship. The same information can be used to set monitoring requirements that help prevent breaches.
As the organization’s TPRM policy begins to take shape, it is beneficial to track and report on progress towards remediating or mitigating risks across each layer of the risk management strategy. This helps gauge how successful those efforts have been in driving progress.
Why TPRM Is Important
It is no secret that cybersecurity threats are on the rise, which continues to put pressure on security professionals to ensure that systems and networks are secure. Businesses rely on hundreds – sometimes thousands – of third parties for benefits including increased profitability, competitive advantage, and quicker time to market. Unfortunately, third party vendor relationships open the door to unforeseen risks and vulnerabilities that can have damaging consequences, including reputational, regulatory, and financial impacts.
The recent rise in data breaches, supply chain disruptions, and compliance penalties is driving companies to implement and improve TPRM processes, which takes time and considerable resources. Without appropriate continuity plans to deal with these unpredictable events, organizations run the risk of suffering monetary losses, as well as losing customers to competitors.
To minimize these risks, companies should take comprehensive steps to ensure that third parties comply with regulations and also protect confidential information.
Awake Security’s Approach to Thwarting Third Party Risk
As security technologies became proficient at identifying malware-based attacks, cybercriminals adapted, using non-malware techniques to carry out the majority of breaches – abusing insider credentials or using SSL tunnels to legitimate sites for command and control. Often these attacks are carried out against third party vendors, as they tend to lack the same level of security as the primary organization being targeted.
Awake’s platform takes a unique approach to thwart third party risks by using network traffic analysis to automate the monitoring and hunting down of such threats, whether they are aimed at internal team members or partner entities with access to the organization’s network.
The Awake Security Platform focuses on automating the detection process and reducing the skills and effort barriers that prevent most organizations from uncovering third-party risk and other supply-chain attacks. To do this, it supports not just machine learning and behavioral analytics, but also heuristics-based detection that can look for very specific attacker tactics, techniques and procedures (TTPs) by a process called adversarial modeling. The models themselves are easy to define and can automatically correlate across entities, time, protocols, and other relevant parameters while mapping to frameworks like MITRE ATT&CK™. This uncovers attacks that manifest themselves over weeks or months.
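As an added illustration of the kind of cross-entity, cross-protocol correlation described above (example code written for this page, not Awake’s platform code; account names, host names and telemetry are constructed), the Python sketch below joins a third party account’s authentication to a privileged host with that host’s subsequent outbound TLS flows, and flags any external destination that the host contacts with near-constant timing over a span of weeks. The finding is tagged with the MITRE ATT&CK technique IDs T1078 (Valid Accounts) and T1071.001 (Web Protocols), in the spirit of the framework mapping mentioned; the thresholds are assumptions chosen for the sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

T0 = datetime(2020, 1, 1)


def sample_events():
    """Constructed sample telemetry (not real data); all names are hypothetical."""
    ev = []
    # A third party (vendor) service account authenticates to a privileged host.
    ev.append({"ts": T0, "proto": "kerberos", "user": "svc-vendorA",
               "third_party": True, "host": "fileserver01"})
    # An internal employee logs in to her own workstation.
    ev.append({"ts": T0 + timedelta(hours=1), "proto": "kerberos", "user": "alice",
               "third_party": False, "host": "wkst-alice"})
    # fileserver01 then opens one TLS connection to the same external host every
    # day at about 03:00 (a few minutes of jitter) for three weeks: slow and regular.
    for d in range(21):
        ev.append({"ts": T0 + timedelta(days=d, hours=3, minutes=d % 3),
                   "proto": "tls", "src": "fileserver01",
                   "dst": "sync.example-vendor.net"})
    # fileserver01 also fetches patches a handful of times: too few flows to matter.
    for h in (4, 30, 100, 400):
        ev.append({"ts": T0 + timedelta(hours=h), "proto": "tls",
                   "src": "fileserver01", "dst": "patches.example.com"})
    # wkst-alice browses a news site at irregular intervals: neither regular nor
    # tied to a third party account.
    for h in (1, 2, 5, 9, 30, 31, 50, 77, 100, 140, 141, 200):
        ev.append({"ts": T0 + timedelta(hours=h), "proto": "tls",
                   "src": "wkst-alice", "dst": "news.example.org"})
    return sorted(ev, key=lambda e: e["ts"])


def regularity(timestamps):
    """Coefficient of variation of inter-arrival gaps; 0.0 means perfectly periodic."""
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    return pstdev(gaps) / m if m else None


def correlate_third_party_beacons(events, window_days=30, min_flows=10,
                                  min_span_days=14, max_cv=0.25):
    """Correlate third party authentications with regular, long-lived TLS flows.

    For each authentication by a third party account, look at the TLS flows the
    target host opened within `window_days` afterwards, group them by external
    destination, and report destinations contacted at least `min_flows` times,
    over at least `min_span_days`, with inter-arrival jitter below `max_cv`.
    """
    flows_by_src = defaultdict(list)
    for e in events:
        if e["proto"] == "tls":
            flows_by_src[e["src"]].append(e)

    findings = []
    for auth in events:
        if auth["proto"] != "kerberos" or not auth["third_party"]:
            continue
        window_end = auth["ts"] + timedelta(days=window_days)
        by_dst = defaultdict(list)
        for f in flows_by_src[auth["host"]]:
            if auth["ts"] <= f["ts"] <= window_end:
                by_dst[f["dst"]].append(f["ts"])
        for dst, ts in by_dst.items():
            span_days = (ts[-1] - ts[0]).days
            cv = regularity(ts)
            if (len(ts) >= min_flows and span_days >= min_span_days
                    and cv is not None and cv <= max_cv):
                findings.append({
                    "user": auth["user"],
                    "host": auth["host"],
                    "dst": dst,
                    "flows": len(ts),
                    "span_days": span_days,
                    "jitter_cv": round(cv, 4),
                    # ATT&CK technique IDs attached to the finding for triage.
                    "attack": ["T1078", "T1071.001"],
                })
    return findings


if __name__ == "__main__":
    for finding in correlate_third_party_beacons(sample_events()):
        print(finding)
```

Only the vendor account’s host is reported: the employee workstation’s irregular browsing fails the jitter test and is not tied to a third party login, and the patch fetches fall below the flow count. In practice the same join would be run over authentication logs and flow or TLS metadata rather than an in-memory list, and the thresholds tuned to the environment’s own baseline.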
Recent advances in network processing, analytics, and security research have enabled a new era of detection and response capabilities that eliminate many of the challenges of traditional network security. Advanced network traffic analysis solutions tap into the evolving network, from on-premise to cloud, virtual, and SaaS, to deliver value quickly without long, drawn-out deployments and training/retraining. Every organization would do well to consider these as part of its security architecture.