Safeguarding your organisation from attacks by third-party vendors

Morey Haber, chief technology officer and chief information security officer at BeyondTrust, discusses.

Think cybersecurity is a losing battle? Think again, says Morey Haber.

Realising that most large organisations today have sophisticated security defences, bad actors are beginning to target third-party vendors as a means to gain access to an enterprise’s network. In fact, in 2018, more than 11 significant breaches were caused by exploitation of third-party vendors, and according to Carbon Black’s 2019 Global Incident Response Threat Report, 50% of today’s attacks leverage what they call “island hopping”, where attackers are not only after an enterprise’s network, but all those along the supply chain as well.

IT admins, insiders, and third-party vendors need privileged access to perform their roles, but this shouldn’t mean ceding control of the IT environment to them. Organisations typically allow vendors to access their networks to perform a variety of different functions. However, this privileged access should be secured to the same (or a higher) extent as the organisation’s internal privileged users. Neglecting to do so will create a weak spot in your organisation’s security that is ripe for exploitation.

Because organisations typically use IT products and software solutions from a variety of vendors, IT is tasked with the enormous burden of having to secure remote access for these vendors, so that they may provide maintenance and troubleshooting for their products. As a consequence, organisations are faced with the dilemma of having to provide the needed access while also guarding against malware and bad actors entering through third-party connections.

Given that third-party vendors are an integral part of most organisations’ ecosystem – something that isn’t going to change anytime soon – there are seven steps you can take to exert better control over third-party vendor network connections and secure remote access.

Monitor & examine vendor activity

First, it’s imperative to scrutinise third-party vendor activity to enforce established policies for system access. You want to understand whether a policy violation was a simple mistake, or an indication of malicious intent. You should implement session recording to gain complete visibility over a given session. And finally, you should correlate information so that you have a holistic view that enables you to spot trends and patterns that are out of the ordinary.

Here are some ways to approach monitoring:

• Inventory your third-party vendor connections to understand where these connections come from, what they are connected to, and who has access to what.
• Look for firewall rules that permit inbound connections of which you are unaware.
• Perform vulnerability scans on your external-facing hosts to search for services that are listening for inbound connections.
• Validate that your enterprise password security policies apply to accounts on inbound network connections.
• Implement policies and standards specific to third-party issues, and use technical controls to enforce them.
• Monitor for any security deficiencies and then address them.
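The first two items above, inventorying vendor connections and hunting for inbound firewall rules nobody can account for, are a reconciliation job. The following Python is an added example (not from the article or BeyondTrust) that checks a firewall's inbound allow rules against an approved vendor inventory; the vendor names, hosts and address ranges are constructed sample data.

```python
import ipaddress

# Constructed sample inventory of approved third-party connections (all names and
# addresses hypothetical): who connects, from where, to what, over which port.
VENDOR_INVENTORY = [
    {"vendor": "hvac-maint", "src": "203.0.113.0/24", "dst": "10.20.1.15", "port": 443, "proto": "tcp"},
    {"vendor": "erp-support", "src": "198.51.100.10/32", "dst": "10.20.2.40", "port": 22, "proto": "tcp"},
]

# Constructed sample export of inbound ALLOW rules from the perimeter firewall.
FIREWALL_RULES = [
    {"id": "fw-101", "src": "203.0.113.0/24", "dst": "10.20.1.15", "port": 443, "proto": "tcp"},
    {"id": "fw-102", "src": "198.51.100.10/32", "dst": "10.20.2.40", "port": 22, "proto": "tcp"},
    {"id": "fw-103", "src": "0.0.0.0/0", "dst": "10.20.3.5", "port": 3389, "proto": "tcp"},
    {"id": "fw-104", "src": "198.51.100.0/24", "dst": "10.20.2.40", "port": 22, "proto": "tcp"},
]

def covering_vendor(rule, inventory):
    """Vendor whose approved connection fully covers this rule, or None.

    Covered means destination, port and protocol match exactly and the rule's
    source network lies within (is no broader than) the approved source network.
    """
    rule_net = ipaddress.ip_network(rule["src"], strict=False)
    for entry in inventory:
        if (rule["dst"], rule["port"], rule["proto"]) != (entry["dst"], entry["port"], entry["proto"]):
            continue
        if rule_net.subnet_of(ipaddress.ip_network(entry["src"], strict=False)):
            return entry["vendor"]
    return None

def audit_inbound_rules(rules, inventory):
    """Findings for inbound rules that no approved vendor connection accounts for."""
    findings = []
    for rule in rules:
        if covering_vendor(rule, inventory) is not None:
            continue
        # An any-source rule is not a vendor pathway at all, so rank it highest.
        severity = "high" if ipaddress.ip_network(rule["src"], strict=False).prefixlen == 0 else "medium"
        findings.append({"rule": rule["id"], "severity": severity,
                         "reason": f"inbound {rule['proto']}/{rule['port']} to {rule['dst']} "
                                   f"from {rule['src']} is not in the vendor inventory"})
    return findings

if __name__ == "__main__":
    for f in audit_inbound_rules(FIREWALL_RULES, VENDOR_INVENTORY):
        print(f["severity"].upper(), f["rule"], f["reason"])
```

Rule fw-104 is flagged even though a vendor is approved for that host and port, because its source range is broader than the approved one; that is the kind of quiet scope creep the inventory check is meant to catch.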

Limit network access

Most of your vendors only need access to very specific systems, so to better protect your organisation, limit access using physical or logical network segmentation and channel access through known pathways. You can accomplish this by leveraging a privileged access management solution to restrict unapproved protocols and direct approved sessions to a predefined route.

Apply multiple robust internal safeguards

As with other types of threats, a multi-layered defence is key to protecting against threats arising from third-party access. Apply encryption, multi-factor authentication (MFA), and a comprehensive data security policy, amongst other measures.

Educate your internal and external stakeholders

On average, it takes about 197 days for an organisation to realise that it has been breached. A lot of damage can be done in 197 days. Educate across the enterprise and continually reinforce the message that the risks are real.

Conduct vendor assessments

Your service-level agreement (SLA) with third-party vendors should spell out the security standards you expect them to comply with, and you should routinely review compliance performance with your vendors. At a minimum, your vendors should implement the security basics, such as vulnerability management. You should also enforce strong controls over the use of credentials, always with a clear line of sight into who is using a credential, and for what purpose.

Authenticate user behaviour

Vendor and partner credentials are often very weak and susceptible to inadvertent disclosure. Therefore, the best way to protect credentials is to proactively manage and control them. You can do this by eliminating shared accounts, enforcing onboarding, and using background checks to identity-proof the third-party individuals who are accessing your systems.

Prevent unauthorised commands & mistakes

One step you want to take is to broker permissions to various target systems using different accounts, each with varying levels of permission. You should restrict the commands that a specific user can apply, via blacklists and whitelists, to provide a high degree of control and flexibility. To this end, use a privileged access management solution, enable fine-grained permission controls, and enforce the principle of least privilege (PoLP).
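As an added illustration of brokered accounts with different permission levels and blacklist/whitelist command control (example code, not the article's or any vendor's product), the Python below evaluates each command from a recorded vendor session against the policy of the account it ran under. The account names, paths and transcript are constructed sample data.

```python
import re

# Constructed sample policy (account names and paths hypothetical). Each brokered account
# has its own blacklist (checked first) and whitelist; anything matching neither is refused.
COMMAND_POLICY = {
    "vendor-hvac-ro": {   # read-only troubleshooting account
        "deny": [r"\bsudo\b", r"\brm\b", r"[;&|`$]"],   # no escalation, deletion or chaining
        "allow": [r"systemctl status hvac-agent",
                  r"tail -n \d+ /var/log/hvac/[\w.-]+\.log",
                  r"cat /etc/hvac/[\w.-]+\.conf"],
    },
    "vendor-hvac-maint": {   # maintenance account may also restart the service
        "deny": [r"\bsudo\b", r"\brm\b", r"[;&|`$]"],
        "allow": [r"systemctl (status|restart) hvac-agent",
                  r"tail -n \d+ /var/log/hvac/[\w.-]+\.log"],
    },
}

def check_command(account, command, policy=COMMAND_POLICY):
    """Return ("allow", matched_pattern) or ("deny", reason) for one command."""
    rules = policy.get(account)
    if rules is None:
        return ("deny", "account is not brokered")
    for pat in rules["deny"]:
        if re.search(pat, command):
            return ("deny", f"blacklist match {pat!r}")
    for pat in rules["allow"]:
        if re.fullmatch(pat, command):   # the whole command must match a whitelist entry
            return ("allow", pat)
    return ("deny", "no whitelist match")

def review_session(account, transcript, policy=COMMAND_POLICY):
    """Refused commands from a recorded session, for the analyst reviewing the recording."""
    refused = []
    for cmd in transcript:
        verdict, detail = check_command(account, cmd, policy)
        if verdict == "deny":
            refused.append((cmd, detail))
    return refused

# Constructed sample transcript of one read-only vendor session.
SESSION = [
    "systemctl status hvac-agent",
    "tail -n 200 /var/log/hvac/agent.log",
    "systemctl restart hvac-agent",       # outside the read-only role
    "cat /etc/hvac/agent.conf; reboot",   # command chaining
    "sudo cat /etc/hvac/agent.conf",      # escalation attempt
]
```

Running `review_session("vendor-hvac-ro", SESSION)` returns the three refused commands with the reason for each, while the same restart command would be permitted under the maintenance account.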

Vendor access is often inadequately controlled, making it a favoured target of cyber-attackers. By layering on these seven steps, you can exert better control over third-party access to your environment and make significant progress toward reducing cyber risk.
