CDM-CYBER-DEFENSE-eMAGAZINE-March-2019
Organizations will also frequently inherit third-party risks through M&A activity, as seen with the data breach reported by Marriott International in November 2018. The incident is one of the largest in history, with the information of more than 500m customers being stolen. However, the breach originated with Starwood Hotels in 2014 and went unnoticed when the firm was acquired by Marriott in 2016.

Balancing risk and opportunity
While the increased reliance on digital third-party providers can quickly elevate a company’s exposure to risk, firms cannot afford to shun digitalization. The flexibility and efficiency created by digital strategies are essential for retaining a competitive advantage, and are all but impossible to achieve without the use of third-party providers for cloud, IoT and mobile technology.

This means organizations must be able to balance the opportunities presented by third parties against the potential threats they may introduce. While companies are well used to performing similar analysis for calculating ROI and assessing financial risks, evaluating cyber risks is still a relatively new and unfamiliar school of thought.

Companies need to ensure that a thorough cyber risk assessment is completed, as a matter of course, for any new partner or service provider they take on. More than this, however, they also need to have real-time intelligence on the companies already in their ecosystem. The world of cyber threats moves so quickly that a previously secure partner could become a potential risk at any moment. Organizations need to spot potential threats against their connections before they can come to fruition and lead to an attack.

By analyzing real-time threat activity targeting third parties alongside third-party infrastructure and vulnerability data, organizations can achieve a more accurate and complete view of risk, enabling them to understand current weaknesses and evaluate potential impact against the organization.

Searching for risk indicators
To be truly accurate and reliable, threat intelligence must gather data from a number of different sources, both open and hidden.

One of the most obvious open risks is the use of vulnerable technology. Third parties that rely on web technology that is often exploited by attackers present an increased risk of compromise for their partners, particularly if they are failing to keep it patched and updated. Threat intelligence can also determine if real threat actors are actively targeting vulnerabilities present in a partner’s technology.

Another clear indicator of risk is the presence of IT infrastructure misuse or abuse. The use of an IP address hosting a command and control server would present a very clear threat to the firm and any of its connections.

Domain abuse is an additional and powerful indicator that a company is being actively targeted by cybercriminals and is a potential threat. The existence of lookalike “typo squat” domains registered to impersonate an organization indicates that it is involved in a phishing campaign or targeted attack.
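
One way a defender could screen a feed of newly observed domains for the lookalike registrations described above; this is an added example, not code from the article. The brand `acmepay.example`, the observed domains and the substitution table are all constructed assumptions, and the registrable name is assumed to be the label left of a one-label TLD.

```python
# Added example (not from the article): flag lookalike "typo squat" domains.
# All domains are constructed sample data under reserved TLDs.
DIGIT_FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(label):
    """Fold common visual substitutions so lookalike labels compare equal."""
    s = label.lower().replace("-", "").translate(DIGIT_FOLD)
    return s.replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # transposed neighbours
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, brand_domain, max_dist=1):
    """Return why `domain` resembles `brand_domain`, or None if it does not."""
    parts, bparts = domain.lower().split("."), brand_domain.lower().split(".")
    if len(parts) < 2:
        return None
    # Assumption: registrable name = label left of a one-label TLD.
    (label, tld), (brand, btld) = parts[-2:], bparts[-2:]
    if label == brand:  # the real domain, one of its subdomains, or a TLD swap
        return None if tld == btld else "same name, different TLD"
    sk, bsk = skeleton(label), skeleton(brand)
    if sk == bsk:
        return "homoglyph"
    if osa_distance(sk, bsk) <= max_dist:
        return "typo"
    return "embeds brand" if bsk in sk else None

def find_lookalikes(observed, brand_domain):
    """Map each suspicious observed domain to the reason it was flagged."""
    return {d: why for d in observed if (why := classify(d, brand_domain))}

OBSERVED = [  # constructed feed of newly seen domains
    "acmepay.example", "login.acmepay.example", "acmepya.example",
    "acrnepay.example", "acm3pay.example", "acmepay-login.example",
    "acmepay.test", "widgets.example",
]
```

Calling `find_lookalikes(OBSERVED, "acmepay.example")` returns the five flagged domains with their reasons. Short brand names will produce false positives on the "embeds brand" check, so hits are candidates for review rather than verdicts.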