COVID-19 has exposed new levels of third-party security risk for enterprises. Many companies now use outside service providers to manage essential operations or house sensitive information. Data centers host company data, including the personal information of employees and customers. Corporate administration and other business functions are handled by SaaS platforms. Payment processes are handled by outside providers. These are just a few examples.
Many third-party service providers have been forced to furlough employees, sell off a division of the company, or shut down operations altogether in the wake of COVID's economic toll. In consequence, their ability to maintain the security of processes and data has been compromised.
Meanwhile, a widespread set of vulnerabilities named Ripple20 could make enterprises and third-party partners even more exposed. The vulnerable code was built to connect devices to enterprise networks and the Internet and has been found in devices of at least 50 manufacturers. Supply chains that rely on connected devices with extended usage periods of five or more years to support critical operations could be the most impacted.
Enterprises must be aware of the heightened security risks posed by third parties and take steps to both gain visibility into the problem and address it quickly.
High Stakes for a Third-Party BreachThe heightened risk to third-party service providers navigating COVID-19 spans multiple areas, and the consequences could be severe. Laid off or furloughed employees could exfiltrate enterprise documents or emails with sensitive customer information such as inappropriately embedded passwords. Employees often send documents to personal emails to help them find or succeed in a new job. Even when not done maliciously, these actions leave sensitive information on home networks and personal accounts, which are more ..
Support the originator by clicking the read the rest link below.
