They say a fence is only as strong as its weakest link, that holds true with cyber security as well. With most companies outsourcing services to companies like yours (and ours!), what we do to protect ourselves directly impacts the overall cyber security postures of our customers.
An example of how a third-party can affect your business’ cyber security is the Kaseya VSA ransomware attack that occurred in July 2021. The attack didn’t just affect Kaseya, but also MSPs who used their software and their customers. It is estimated that 2000 businesses were affected by the breach.
Another of how a third-party breach can affect your business involves camera maker Verkada. Login information for their admin tools were found online. As a result, hackers were able to view videos from nearly 150,000 cameras. Video footage included prisoners in county jails, factories for carmaker Tesla, and the offices of Internet-infrastructure firm Cloudflare.
There’s a lot of talk around 3rd party vendor risk management, and the example above is one of the many reasons why. Companies that you do business with want to know what you’re doing to protect yourself AND any information and resources you’re providing to their business. Don’t be surprised to see cyber security risk assessment questions on RFPs and as part of MSAs (Master Service Agreements). Vendor risk assessments are here to stay!
One of the best ways to build trust with your business partners and clients is to follow a cyber security framework, like the NIST Cyber Security Framework. By following the framework, it demonstrates to clients and partner that you take not just your own, but also their security seriously. For help on how to best implement the NIST cyber security framework, contact QuickProtect.