6 steps to stop hacks via a contractor or supplier
(Editor’s note: Infecting the computer of a contractor or supplier in order to infiltrate the network of a partner company continues to be a major attack vector. In this ThirdCertainty guest essay, Tom Sammel, Senior Manager of Dell SecureWorks’ Incident Response Practice, outlines tips for small- and medium-sized businesses (SMBs) to avoid becoming part of such attacks.)
by Tom Sammel, Special to ThirdCertainty
Nothing has been able to stem the tide of hackers targeting SMBs as a foothold to infiltrate the networks of their enterprise customers.
In the past year, it was reported that several brand-name retailers and restaurant chains had significant breaches as a result of hackers initially compromising their third-party vendors.
The hackers count on an organization’s third-party vendors having fewer security protections in place. Their goal is to get their hands on vendor credentials, then use those logons to access the targeted organization’s network under the guise of a trusted partner.
Once in, we have seen the hackers steal everything from an organization’s valuable trade secrets to intellectual property to customer credit and debit cards, or even execute illicit financial transactions.
SMBs work hard to establish trusted relationships with their marquee clients. The last thing they want is to be the access point by which a cyber criminal breaks into their customer’s network.
SMBs should welcome the opportunity to work with their larger customers to have their network access better secured. They should also view regular security assessments as a proactive and positive approach to security, one that can only benefit them, as well as their customer.
Here are six security steps that third-party vendors, and the larger organizations that rely on contractors and suppliers, can follow to help mitigate the risk of a breach:
- Implement restrictive access controls for the third party. This may include restricting access to certain times of day or to maintenance windows. Access may also be restricted to occur through a separate VPN (or similar) device, where monitoring and logging can occur at a much higher level of fidelity.
- Implement Two-Factor Authentication as a critical control for remote access.
- Restrict the third party’s access (that is, use of their credentials) so that it can occur only from their designated IP address(es), and only using the protocols necessary for the communication. This limits the attacker’s ability to launch attacks from the attacker’s own IP addresses using stolen credentials.
- Ensure that the client environment is configured to alert on geolocation, time, number of devices connected to, etc. If the vendor does not need to use Remote Desktop Protocol, then it should be explicitly prohibited or, at a minimum, alerted on as a high-fidelity event if attempted.
- Implement application whitelisting on systems touched by the third-party vendor (as best as is possible).
- Implement more frequent auditing of all third-party accounts, especially privileged accounts. Ensure that the third party is verifying, in writing, the continuing need for a specified account credential.
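The source-address, time-window, protocol and device-count restrictions in the steps above can be checked against session logs. The following is an added example, not part of the original essay: the account name, addresses, log format and thresholds are all constructed assumptions, and geolocation is left out.

```python
import ipaddress
from datetime import datetime, time

# Hypothetical policy for one vendor account; every value here is constructed.
POLICY = {"vendor-hvac": {
    "networks": [ipaddress.ip_network("203.0.113.0/28")],  # vendor's designated range
    "window": (time(1, 0), time(4, 0)),                    # maintenance window
    "protocols": {"ssh", "https"},                         # RDP not needed, so not listed
    "max_hosts": 2,                                        # distinct hosts per day
}}

# Constructed sample events: timestamp, account, source IP, protocol, destination.
EVENTS = """\
2024-05-02T01:15:00 vendor-hvac 203.0.113.5 ssh bms01
2024-05-02T02:10:00 vendor-hvac 203.0.113.5 https bms02
2024-05-02T02:40:00 vendor-hvac 203.0.113.5 rdp pos-db01
2024-05-02T13:05:00 vendor-hvac 198.51.100.77 ssh bms01
"""

def audit(text, policy=POLICY):
    """Return (line_number, account, reasons) for each event that breaks policy."""
    alerts, hosts_seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        stamp, account, src, proto, dest = line.split()
        rule = policy.get(account)
        if rule is None:
            continue  # not a third-party account
        ts, src, reasons = datetime.fromisoformat(stamp), ipaddress.ip_address(src), []
        if not any(src in net for net in rule["networks"]):
            reasons.append("source-ip")
        start, end = rule["window"]  # assumed not to cross midnight
        if not start <= ts.time() < end:
            reasons.append("outside-window")
        if proto not in rule["protocols"]:
            reasons.append("protocol:" + proto)
        hosts = hosts_seen.setdefault((account, ts.date()), set())
        if dest not in hosts:
            hosts.add(dest)
            if len(hosts) > rule["max_hosts"]:
                reasons.append("host-count")
        if reasons:
            alerts.append((n, account, reasons))
    return alerts

if __name__ == "__main__":
    for alert in audit(EVENTS):
        print(alert)
```

Each alert lists every rule the session broke, so a stolen-credential logon from an unlisted address outside the window shows both reasons in one record.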
(Editor’s note: For detailed guidance on more approaches and strategies to operating more securely and efficiently contact experts at IDT911.)