Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/9/2020
09:00 AM
Tony Howlett, CISO at SecureLink
Tony Howlett, CISO at SecureLink
Sponsored Article
50%
50%

Third-Party Remote Access Is Your Network's Weakest Link

Learn how you can keep your company's data safe and what role VPNs, phishing attacks, and privileged credentials play in relation to vendor access management.

Third parties, contractors, and vendors play a dangerous role when it comes to data breaches. These types of breaches can cost your organization millions of dollars and will only continue to become larger and more frequent. In fact, research shows that nearly half of all data breaches involve a third party or vendor. Many organizations are implementing different solutions trying to protect against third-party cyber-risk, but most fall short, aren't efficient, and end up giving third parties too much access. In order to protect your data against the risks that come with third-party access, you should invest in a vendor access management solution.

Hackers often infiltrate companies through third-party access because this can be the weakest link in the network. What makes this even more attractive is that vendors often have access to multiple customer networks so hackers can get a lot of data for the effort of a single hack. Organizations need to be vigilant with the access they give to third parties and watch out for the most common paths hackers take to gain access.

VPNs — Nothing but Access
Virtual private networks (VPNs) are used by nearly every organization, especially as we see an increase in the need for remote access. VPNs are great when providing a connection to internal yet remote employees accessing internal resources, but this is where the functionality of VPNs stops. VPNs provide nothing beyond encrypting data between two points of access.

Organizations need to ensure that all external third parties have secure access to only the networks, systems, and information they need. With a vendor access management solution, users are given access only to resources they need to get their job done while being compliant with necessary regulations and industry requirements. Vendor-specific solutions allow for secure access to only what matters, rather than full access to your entire network.

Phishing Attacks From the Outside
Phishing has become extremely sophisticated and research shows that, on average, 90% of data breaches stem from a phishing attack. Organizations may conduct internal phishing tests to help educate employees on how to outsmart a phishing attack, but this doesn't account for the people you don't directly hire. Your third parties could be untrained and susceptible to a phishing attack that could inadvertently compromise your network, especially if it's through a VPN or another tool that wasn't specifically made for vendor connections. In order to protect against phishing attacks, it's important that all parties involved are educated with regular phishing simulation tests and security awareness training to ensure nothing is compromised.

The Dangers of Ransomware
Ransomware is another common danger that insecure third-party access can bring. The cost of ransomware attacks surpassed $7.5 billion in 2019 with downtime costs increasing 200% year-over-year. Ransomware attacks have caused severe downtime across many industries that provide critical infrastructure.

Beyond being expensive, ransomware attacks can be a danger to public safety, and organizations need to be prepared so that their information security systems are able to handle these attacks. Organizations should implement a well-rounded cybersecurity strategy that can keep track of third-party activity and reveal signs of a breach before they happen.

Privileged Credentials Are a Threat
Credentials are not, and should not be, created equally. Privileged or administrative credentials have access to vastly greater resources than regular users and can unlock further privileges for other employees when necessary. External third parties should almost never be given this level of access. Even though a third-party vendor rep may not have bad intentions, a bad actor can co-opt their machine via phishing or other attack and take advantage of their credentials to gain access into your network and systems. Thus, it's critically important for organizations to oversee and regularly audit all third-party activity.

Organizations need a vendor access management solution in order to control the access a vendor needs in a secure way to avoid any compromises. Credentials being written on a sticky note or, worse, sent via plaintext email to your vendor don't cut it anymore and open up your organization to countless security vulnerabilities. Organizations need to invest in a solution specifically for managing vendors in order to have full visibility into vendor access and have centralized software to manage secure access.

Whether it is an outside vendor or contractor, taking the security of any third party with access to your network credentials seriously is of the utmost importance. Organizations need to critically think of their data governance in a holistic manner and take responsibility for the protection of its data wherever it resides. If a company is not diligent in putting in place solid, ongoing third-party and vendor management programs to secure vendor access, and following it up with good oversight and audit, then the sins of the third party may become the sins of the company.

About the Author
Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP, GNSA certifications, and a B.B.A. in Management Information Systems. Currently, Tony is the CISO at SecureLink, a vendor privileged access management company based out of Austin, Texas.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2005-0394
PUBLISHED: 2021-06-18
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2007-3733
PUBLISHED: 2021-06-18
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-21997
PUBLISHED: 2021-06-18
VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-serv...
CVE-2021-26834
PUBLISHED: 2021-06-18
A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.
CVE-2021-26835
PUBLISHED: 2021-06-18
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file.