6 steps to stop hacks via a contractor or supplier


(Editor's note: Infecting the computer of a contractor or supplier in order to infiltrate the network of a partner company continues to be a major attack vector. In this ThirdCertainty guest essay, Tom Sammel, Senior Manager of Dell SecureWorks' Incident Response Practice, outlines tips for small- and medium-sized businesses (SMBs) to avoid becoming part of such attacks.)

by Tom Sammel, Special to ThirdCertainty

Nothing has been able to stem the tide of hackers targeting SMBs as a foothold to infiltrate the networks of their enterprise customers.

In the past year, it was reported that several brand-name retailers and restaurant chains had significant breaches that began with hackers compromising their third-party vendors.

The hackers count on an organization's third-party vendors having fewer security protections in place. Their goal is to get their hands on vendor credentials, then use those logons to access the targeted organization's network under the guise of a trusted partner.


Once in, we have seen the hackers steal everything from an organization's trade secrets and intellectual property to customer credit and debit card data, and even execute illicit financial transactions.

SMBs work hard to establish trusted relationships with their marquee clients. The last thing they want is to be the access point by which a cyber criminal breaks into their customer's network.


SMBs should welcome the opportunity to work with their larger customers to have their network access better secured. They should also view regular security assessments as a proactive and positive approach to security, one that can only benefit them as well as their customer.

Here are six security steps that third-party vendors, and the larger organizations that rely on collaborating with contractors and suppliers, can follow to mitigate the risk of a breach and better protect themselves:

  1. Implement restrictive access controls for the third party. This may include limiting access to certain times of day or to scheduled maintenance windows. Access may also be routed through a separate VPN (or similar) device reserved for third parties, where monitoring and logging can be done at a much higher level of fidelity.
  2. Implement two-factor authentication as a critical control for remote access, so that a stolen password alone is not enough to log in as the vendor.
  3. Restrict the third party's access (and the use of its credentials) to its designated IP address(es), and to only the protocols necessary for the work. This limits an attacker's ability to use stolen vendor credentials from the attacker's own IP addresses.
  4. Ensure that the customer environment is configured to alert on anomalies in geolocation, time of access, number of devices connected to, and so on. If the vendor has no need for Remote Desktop Protocol (RDP), it should be explicitly prohibited, or at a minimum any attempt should be alerted as a high-fidelity event.
  5. Implement application whitelisting on systems the third-party vendor touches, as far as is practical.
  6. Audit all third-party accounts more frequently, especially privileged accounts. Ensure that the third party verifies, in writing, the continuing need for each account credential.
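As an added example (not code from the original essay or from Dell SecureWorks), the following Python script shows how steps 1, 3 and 4 above can be checked mechanically against remote-access logs: a per-vendor policy of allowed source ranges, a maintenance window, the ports the vendor actually needs and a cap on how many hosts it should touch, evaluated over VPN/firewall log lines. The vendor account name, the policy values, the key=value log format and the addresses (RFC 5737 documentation ranges) are all constructed assumptions.

```python
"""Check third-party remote-access log lines against a per-vendor policy.

Added example, not code from the original essay. The policy table, the
log format and the log lines below are all constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, time
import ipaddress

# Constructed policy for one hypothetical vendor account: where it may
# connect from, when (maintenance window 22:00-04:00 UTC, wrapping
# midnight), which destination ports it needs, and how many distinct
# hosts it should ever touch.
VENDOR_POLICY = {
    "hvac-vendor": {
        "source_nets": [ipaddress.ip_network("203.0.113.0/24")],  # TEST-NET-3
        "window": (time(22, 0), time(4, 0)),
        "allowed_ports": {443},
        "max_hosts": 2,
    },
}

# Constructed VPN/firewall log lines in a simple "<utc timestamp> k=v ..." format.
SAMPLE_LOG = [
    "2015-03-02T22:15:07Z user=hvac-vendor src=203.0.113.10 dst=10.0.5.20 port=443",
    "2015-03-02T22:16:40Z user=hvac-vendor src=203.0.113.10 dst=10.0.5.21 port=443",
    "2015-03-03T14:02:11Z user=hvac-vendor src=198.51.100.7 dst=10.0.5.20 port=443",
    "2015-03-03T23:40:55Z user=hvac-vendor src=203.0.113.10 dst=10.0.5.30 port=3389",
    "2015-03-03T23:41:02Z user=hvac-vendor src=203.0.113.10 dst=10.0.5.31 port=443",
]


def parse_line(line):
    """Split one log line into a dict; the timestamp is parsed as UTC."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    rec["port"] = int(rec["port"])
    return rec


def in_window(t, start, end):
    """True if clock time t is inside [start, end]; handles windows that wrap midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def evaluate(lines, policy=VENDOR_POLICY):
    """Return a list of (severity, message) alerts for every policy violation."""
    alerts = []
    hosts_seen = defaultdict(set)  # per-account set of destination hosts
    for line in lines:
        rec = parse_line(line)
        user = rec["user"]
        pol = policy.get(user)
        if pol is None:
            continue  # not a third-party account; out of scope for this check
        src = ipaddress.ip_address(rec["src"])
        # Step 3: credentials only usable from the vendor's designated addresses.
        if not any(src in net for net in pol["source_nets"]):
            alerts.append(("high", f"{user}: login from non-allowlisted source {src}"))
        # Step 1: access confined to the agreed maintenance window.
        if not in_window(rec["ts"].time(), *pol["window"]):
            alerts.append(("medium", f"{user}: access outside maintenance window at {rec['ts']:%H:%M}Z"))
        # Step 4: RDP is a high-fidelity event for a vendor with no RDP need;
        # any other unexpected protocol is still worth a lower-severity alert.
        if rec["port"] == 3389:
            alerts.append(("high", f"{user}: RDP attempt to {rec['dst']} (vendor has no RDP need)"))
        elif rec["port"] not in pol["allowed_ports"]:
            alerts.append(("medium", f"{user}: unexpected port {rec['port']} to {rec['dst']}"))
        # Step 4: number of distinct hosts the account has connected to.
        hosts_seen[user].add(rec["dst"])
        if len(hosts_seen[user]) > pol["max_hosts"]:
            alerts.append(("medium", f"{user}: touched {len(hosts_seen[user])} hosts, policy allows {pol['max_hosts']}"))
    return alerts


if __name__ == "__main__":
    for severity, message in evaluate(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run stand-alone, the script flags the daytime login from an address outside the vendor's range, the RDP attempt, and the account wandering onto more hosts than its policy allows, while the two in-window logins to the expected hosts produce nothing. In practice the policy table would come from the vendor onboarding record (steps 3 and 6 give you the written source of truth for it) and the alerts would feed the SIEM rather than stdout.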

(Editor's note: For detailed guidance on more approaches and strategies for operating more securely and efficiently, contact experts at IDT911.)



