Third-party Vendor Security Risks

Sue Marquette Poremba

First, let me say that I am happy to see that the issue of spear phishing after the Epsilon breach has become an important part of the breach discussion (and has gone mainstream). I found it encouraging when I was told of at least one organization that sent out a warning to employees about the risks involved with spear phishing attacks and how to react to potential spam email.


Now I want to talk about another issue that has evolved from the Epsilon breach: third-party vendors and security risks. It appears that at least some of the companies involved are trying to claim innocence in the breach, that this was all on Epsilon's side and they (the companies) had nothing to do with it.


What happened at Epsilon could happen anywhere. The bottom line is that when you hire a third-party vendor that has access to information from your company, it is vital to have a solid security plan in place. I've spoken with CSOs who claim their third-party contracts require security measures as strict as the hiring company's, but they also admit that monitoring the third party's security isn't always easy.


Another question, then, arises: Should companies share who has access to their customers' information? Yes, according to Nicolas Christin of Carnegie Mellon University. In an interview posted at CU Info Security, Christin was quoted:

[B]anks and merchants should "come clean" about the information they share with outside entities.


No. 1, banks and retailers should come clean, in terms of who they're sharing data with. Banks especially should be mindful of ways they communicate with their customers. Some e-mails from my bank look like phishing e-mails because they are coming from a third party that does not use the same domain.
