Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

09:00 AM
Tony Howlett, CISO at SecureLink
Tony Howlett, CISO at SecureLink
Sponsored Article

Third-Party Remote Access Is Your Network's Weakest Link

Learn how you can keep your company's data safe and what role VPNs, phishing attacks, and privileged credentials play in relation to vendor access management.

Third parties, contractors, and vendors play a dangerous role when it comes to data breaches. These types of breaches can cost your organization millions of dollars and will only continue to become larger and more frequent. In fact, research shows that nearly half of all data breaches involve a third party or vendor. Many organizations are implementing different solutions trying to protect against third-party cyber-risk, but most fall short, aren't efficient, and end up giving third parties too much access. In order to protect your data against the risks that come with third-party access, you should invest in a vendor access management solution.

Hackers often infiltrate companies through third-party access because this can be the weakest link in the network. What makes this even more attractive is that vendors often have access to multiple customer networks so hackers can get a lot of data for the effort of a single hack. Organizations need to be vigilant with the access they give to third parties and watch out for the most common paths hackers take to gain access.

VPNs — Nothing but Access
Virtual private networks (VPNs) are used by nearly every organization, especially as we see an increase in the need for remote access. VPNs are great when providing a connection to internal yet remote employees accessing internal resources, but this is where the functionality of VPNs stops. VPNs provide nothing beyond encrypting data between two points of access.

Organizations need to ensure that all external third parties have secure access to only the networks, systems, and information they need. With a vendor access management solution, users are given access only to resources they need to get their job done while being compliant with necessary regulations and industry requirements. Vendor-specific solutions allow for secure access to only what matters, rather than full access to your entire network.

Phishing Attacks From the Outside
Phishing has become extremely sophisticated and research shows that, on average, 90% of data breaches stem from a phishing attack. Organizations may conduct internal phishing tests to help educate employees on how to outsmart a phishing attack, but this doesn't account for the people you don't directly hire. Your third parties could be untrained and susceptible to a phishing attack that could inadvertently compromise your network, especially if it's through a VPN or another tool that wasn't specifically made for vendor connections. In order to protect against phishing attacks, it's important that all parties involved are educated with regular phishing simulation tests and security awareness training to ensure nothing is compromised.

The Dangers of Ransomware
Ransomware is another common danger that insecure third-party access can bring. The cost of ransomware attacks surpassed $7.5 billion in 2019 with downtime costs increasing 200% year-over-year. Ransomware attacks have caused severe downtime across many industries that provide critical infrastructure.

Beyond being expensive, ransomware attacks can be a danger to public safety, and organizations need to be prepared so that their information security systems are able to handle these attacks. Organizations should implement a well-rounded cybersecurity strategy that can keep track of third-party activity and reveal signs of a breach before they happen.

Privileged Credentials Are a Threat
Credentials are not, and should not be, created equally. Privileged or administrative credentials have access to vastly greater resources than regular users and can unlock further privileges for other employees when necessary. External third parties should almost never be given this level of access. Even though a third-party vendor rep may not have bad intentions, a bad actor can co-opt their machine via phishing or other attack and take advantage of their credentials to gain access into your network and systems. Thus, it's critically important for organizations to oversee and regularly audit all third-party activity.

Organizations need a vendor access management solution in order to control the access a vendor needs in a secure way to avoid any compromises. Credentials being written on a sticky note or, worse, sent via plaintext email to your vendor don't cut it anymore and open up your organization to countless security vulnerabilities. Organizations need to invest in a solution specifically for managing vendors in order to have full visibility into vendor access and have centralized software to manage secure access.

Whether it is an outside vendor or contractor, taking the security of any third party with access to your network credentials seriously is of the utmost importance. Organizations need to critically think of their data governance in a holistic manner and take responsibility for the protection of its data wherever it resides. If a company is not diligent in putting in place solid, ongoing third-party and vendor management programs to secure vendor access, and following it up with good oversight and audit, then the sins of the third party may become the sins of the company.

About the Author
Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP, GNSA certifications, and a B.B.A. in Management Information Systems. Currently, Tony is the CISO at SecureLink, a vendor privileged access management company based out of Austin, Texas.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-23
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function...
PUBLISHED: 2021-04-23
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...