Cyber Defense eMagazine June 2021 Edition

More documents

Recommendations

Info

Not only are third-parties becoming an increasingly popular attack vector, but in a new study produced by SecureLink and the Ponemon Institute, there’s an alarming disconnect between an organization’s perceived threat to third-party access and the security measures it employs. In surveying 627 security professionals, this latest study, “A Crisis in Third-Party Remote Access Security,” found that within the past 12 months, 44% of organizations have experienced a breach with 74% saying that it was the result of giving too much privileged access to third parties. What’s more, 51% say their organizations are not assessing the security and privacy practices of all third-parties before granting them access to sensitive and confidential information. The solution, thankfully, is simply to start putting resources behind vetting third-parties and implementing security measures that go beyond just inherent trust. Here are three starting points for assessing and shoring up your own third-party access security. Prioritizing Network Transparency Before implementing any changes or added measures, the first step is to assess your exposure and take inventory of your current vendor access. Of those surveyed in the report, only 46% say that they have comprehensive inventory of third parties with permitted network access. Shockingly, nearly two-thirds (63%) say they don’t have any visibility into vendor access and their network permissions. An initial inventory of vendor access can make the transition to a third-party vendor management system much more straightforward, which can significantly mitigate the risk of a third-party breach. A platform designed to manage vendor access not only offers the ability to easily see who has access and how much, but also can log who accessed your systems, when they did it, and what they did. As they say, knowing is half the battle. Zero Trust Network Access Not only is an accurate inventory of access difficult for a majority of those surveyed, but 60% say that they are unable to provide the appropriate amount of access to their vendors. More often than not, most err on the side of giving vendors too much access, and then trusting that their vendor doesn’t suffer a breach of their own. With third-party breaches on the rise, trusting your vendors to limit breaches into your own systems just isn’t enough anymore. Implementing a third-party vendor management platform, however, allows for the implementation of a much more secure Zero Trust Network Access model. Inherent trust in a vendor is replaced with multifactor verification and privileged access management. Any time a vendor needs access to your systems, they must verify who they are, and once verified, only have access to exactly what they need. Trust can be abused; verification cannot. Cyber Defense eMagazine – June 2021 Edition 88 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Evaluating Third-Party Security Practices As it stands today, third-party vendor management is not easy. Only now are companies realizing that it should be the security and technology teams, not legal and procurement departments, that are the ones responsible for managing vendor access. And when that responsibility shifts, IT departments find themselves overwhelmed — suddenly managing upwards of 500 vendors. Adopting a third-party vendor management platform can simplify the otherwise herculean task of taking inventory of third-party access, setting network permissions, and monitoring activity by consolidating into a single place. This, in turn, makes it easier to not only keep track of who has access, but also implement new security procedures. Instead of just giving a new vendor access, crossing your fingers, and hoping for the best, a third-party management solution can offer the transparency and security to know you’re protected against potential breaches. With more and more hackers targeting third-party vendors, signed contracts, strong reputations, and compliance checklists just aren’t enough anymore. Thankfully, the systems to make vendor management easier and more secure are out there — it’s now just a matter of deciding to put resources behind one. Read the report, "A Crisis in Third-party Remote Access Security", here. About the Author Joe Devine is the CEO of SecureLink, a leader in third-party remote access. Headquartered in Austin, Texas, SecureLink provides secure third-party remote access for both highly regulated enterprise organizations and technology vendors. Joe has been at the company since 2008, and previously held the role of president and chief operating officer. Joe can be reached online via LinkedIn: https://www.linkedin.com/in/joemdevine/ and at our company website: https://www.securelink.com/ Cyber Defense eMagazine – June 2021 Edition 89 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Key Business Lessons Learned from T
Page 3 and 4:
Clean Water Shows Us Why Cyber Cert
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - June 2021
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Exploiting Vulnerabilities Back in
Page 35 and 36:
Data Loss Prevention in Turbulent T
Page 37 and 38: ● ● ● ● ● Which sensitive
Page 39 and 40: A Digital Journey: A Long and Windi
Page 41 and 42: Unfortunately, some in IT may miss
Page 43 and 44: Why Ensuring Cyber Resilience Has N
Page 45 and 46: In terms of data safeguards, some o
Page 47 and 48: Case studies Recently, the GRIMM in
Page 49 and 50: About the Author Adam Nichols is th
Page 51 and 52: With 3G and 4G, mobile operators an
Page 53 and 54: Don’t Wait, Automate How An Indep
Page 55 and 56: configuration, but also for faster
Page 57 and 58: Data breaches can lead to huge fina
Page 59 and 60: Whom Do You Give Access to Communit
Page 61 and 62: Reapproaching Cybersecurity in A Di
Page 63 and 64: isk having to pay any fines? The an
Page 65 and 66: Penetration testing essence Being o
Page 67 and 68: In a nutshell Brand reputation and
Page 69 and 70: Plan Planning for ICS Security need
Page 71 and 72: About the Author Dirk Schrader is t
Page 73 and 74: Joseph Carson, chief security scien
Page 75 and 76: 1. Educate your people on the impor
Page 77 and 78: we’ve dealt with many breaches th
Page 79 and 80: Clean Water Shows Us Why Cyber Cert
Page 81 and 82: How Can You Protect the Security Pe
Page 83 and 84: Best Practices for Mitigating Insid
Page 85 and 86: Why We Care About Cybersecurity Hyg
Page 87: The Third-Party Remote Access Secur
Page 91 and 92: wake of the massive SolarWinds atta
Page 93 and 94: · Rethinking Unattended Access Day
Page 95 and 96: About The Author Ryan Heidorn is a
Page 97 and 98: In the traditional fortress model,
Page 99 and 100: Threat Hunting: Taking Action to Pr
Page 101 and 102: posture built on anticipating the u
Page 103 and 104: • Organizations depend upon CISOs
Page 105 and 106: Two Sides of the Same Coin: Providi
Page 107 and 108: security protocols. Given the const
Page 109 and 110: In this article, we will explain wh
Page 111 and 112: Protect Your Business from DDoS Att
Page 113 and 114: Undermining Public Trust The cycle
Page 115 and 116: Cyber Defense eMagazine - June 2021
Page 125 and 126: FREE MONTHLY CYBER DEFENSE EMAGAZIN
Page 129: Cyber Defense eMagazine - June 2021
show all

Cyber Defense eMagazine June 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?