Organizations are now connected to more third parties than ever before. Not only does the average organization have hundreds or even thousands of third-party connections, but each of these will have its own complex web of suppliers. This means that an organization can easily find itself exposed to a security threat due to a vulnerability in a company four or five layers removed along the supply chain.
A recent example is the compromise suffered by Korean biometric specialist Suprema. The firm’s technology was used by Nedas, which itself provided access control systems to more than five thousand different organizations, including the police, defense firms, and banks. As a result, the fingerprints of more than one million people were left exposed, alongside facial recognition information and encrypted usernames and passwords.
The incident is just one of many that demonstrates how an organization’s data is exposed to threats outside the control of their own defenses. In order to operate in the interconnected digital world, enterprises must equip themselves with the ability to identify and mitigate these threats wherever they emerge.
The interconnected web of risks
The explosion in the use of cloud-based applications, in particular, has greatly increased the number of third parties holding a company’s data or accessing its network. Research has found that the average large enterprise uses close to one thousand different cloud-based applications, with many of these taking the form of shadow IT software by individual users that may not be on the CISO’s radar.
Applications and services are often granted direct access to corporate data, which means sensitive information can quickly spread across multiple third parties outside of the network. While a firm can invest in the best security defenses to protect their own corporate network, they cannot ensure the same standards for their entire supply chain.
Implementing strong supplier vetting processes and adding specific standards to supplier contracts will help to weed out many security liabilities, but it is impossible to play gatekeeper for every connection and prevent breaches within the thousands of other companies.
Third party, first responsibility
The threat posed by a third-party data breach has grown in recent times with the introduction of the GDPR. Organizations that are found to have been negligent in their data security are still liable for heavy punitive action by the regulators, even if the actual breach was caused by a third party.
While enterprises cannot always prevent the loss of data through their supply chain, they can mitigate the impact of a third-party breach by gaining visibility over data outside of the corporate network.
Monitoring for breaches
First and foremost, enterprises need to know when their data has been stolen or leaked outside of their own perimeter. This requires real-time threat intelligence that accounts for multiple surfaces, including Deep and Dark Web sources that are ordinarily hidden from view.
Using targeted alerts for specific data sets will allow the company to receive an immediate warning as soon as its data appears, whether it has been stolen, leaked online or is being offered up for sale by cyber-criminals. This will enable the security team to immediately launch incident response activities, including notifying affected customers, changing relevant login credentials, and locating and closing the vulnerability that has led to the breach.
With such a vast number of sources to account for, breach alerts can quickly become overwhelming if not managed properly. Combining a multitude of sources into a single stream will make it easier to monitor and prevent alert fatigue. Similarly, tuning monitoring and alerts to specific data will help to reduce the number of false positives, making it more likely that the alerts received by the security team are relevant and actionable.
Plugging the leak
Valuable data sets such as customer databases can quickly spread across multiple third-party connections, which means that even if a breach is discovered, it can be all but impossible to determine where it originated.
Firms can address this challenge by implementing a digital watermarking system for all of their data. By imprinting a unique watermark each time it is downloaded, the security team can quickly and easily determine its origin, if it ever ends up in the hands of criminals.
Organizations can then alert the relevant third party and ensure that they take the necessary action to close any security vulnerabilities that led to the breach. In many cases, this may even be the first time the supplier becomes aware that they have suffered a security incident.
Alongside breaches instigated by threat actors, tracking the origin of leaked data can also help to expose poor practice by suppliers or individuals themselves, such as the sale of customer data to data brokers or criminals.
Narrowing the scope
Dark Web monitoring can also be invaluable for post-breach damage control. If a set of stolen data is discovered and contains the watermark used by a particular third party, the company will know that the breach is limited only to the data that particular supplier can access. This means they can concentrate on notifying only the customers involved, rather than having to send an alert to their entire customer base.
This kind of insight is particularly invaluable in the post-GDPR world. Tracking down the source of a data breach to a third party will demonstrate a high level of responsibility from the company and potentially reduce both fines and reputational damage.
By equipping themselves with the ability to quickly recognize stolen data and identify its source, organizations can help to reduce the risks created by the interconnected business world and protect their data, regardless of where it ends up.