Watch Out for Third-Party Attack Vectors
Third-party vulnerabilities are one of the most likely "attack vectors" in the information security landscape today – with retailer Target being the most notable victim of late. But conducting business without relying on any outside partners is nearly impossible and certainly cost prohibitive. It is imperative to have a comprehensive vendor risk management strategy and analysis that includes a digital security component. Understand the risks of outsourcing functions and make sure that you're comfortable with the vendor's privacy and security posture in advance of committing to the relationship.
Additionally, don't overlook nested relationships that come with doing business with third parties. Know how your vendors are protecting their relationships with other parties and the potential impact that could have on your sensitive data. Look for partners that own security end to end within their organizations and, at the very least, be diligent in evaluating and determining what additional parties are also involved in the service provided.