The digital economy has multiplied the number of suppliers that organizations work and interact with. Using a supplier can bring several benefits, including (but not limited to):
- Accelerating your revenue
- Enhancing customer loyalty
- Providing much needed and more flexible expertise and resources
Although suppliers benefit the balance sheet, the increased number of suppliers can create a huge headache for security teams: the truth is that third parties alter—and increase—the potential attack surface of an individual or organization.
These days, relationships between an organization and a third-party are mutually beneficial in that the organization grants the third party access to its digital systems in return for its services. But depending on the level of integration between the two parties, such access could allow the third-party to hold some of the organization’s most sensitive data.
Threat actors are drawn to supply chains by the nature of this sensitive data. With a successful compromise, that data can be monetized on criminal forums, be used for fraud, or offer a strategic advantage to those seeking intellectual property.
Fig 1: Instances of supply chain attacks. Source: Digital Shadows (now ReliaQuest) Shadow Search
Supply-chain attacks are widely reported to be growing in popularity. In fact, according to a study conducted by Ponemon Institute in 2018 for US organizations, 61% of breaches were caused by one of their vendors or third parties. That’s 5% higher compared to the previous years of study.
The challenge for security professionals is ensuring that suppliers aren’t exposing their systems or data. A challenge made even more difficult if the organization uses lots of suppliers. It is thought that suppliers can range from tens to thousands, in some cases hundreds of thousands.
Bolster your security with continuous monitoring
But security professionals need not face this challenge alone. There are plenty of measures in place to help reduce the likelihood of a third-party exposing this sensitive data, including privacy impact assessments, background assessments, and vendor risk scoring.
However, a reassuring point-in-time risk score of a vendor can give you a false sense of security: effective third-party risk monitoring must be continual. What’s more, if you’re not assuming that your third-party is exposing you, and taking measures to mitigate it, you are burying your head in the sand. Last year, we recorded a webinar with ADP where they provided some of the best practices, including the use of security audits, insider threat programs and segmentation of network access.
Monitoring Third Party Risk with Digital Shadows (now ReliaQuest)
With third parties continuing to expose organizations, here’s how you can safeguard your data with our service, Digital Shadows SearchLight (now ReliaQuest GreyMatter DRP)™.
1. Detecting third-party data exposure instantly with SearchLight: Our instant data detection module, allows organizations to detect inadvertent documents exposed by third parties, across a broad number of data sources. Monitoring for data exposure is critical. As you may recall, earlier this year in May 2019, the Photon Research team published a report, Too Much Information: The Sequel, which identified more than 212,000 files exposed by a third party for a small IT consulting company in the United Kingdom. In this case, passwords were exposed in plaintext, and two instances in which the password lists included the passcode to an individual’s cell phone.
Figure 2: Hundreds of thousands of files exposed by UK consulting firm
This is just one example… there have been many other instances of contractors and third parties exposing sensitive data via misconfigured devices and file sharing services. Our research report findings shared that there were 700,000 instances of payroll information, 65,000 tax return documents, 700 penetration tests, and 5,800 documents on security audits.
2. Monitor credentials associated with third-party applications: Digital Shadows (now ReliaQuest)’ former research highlighted that criminals are constantly on the hunt for your business emails (Business Email Compromise: When You Don’t Need to Phish). If credentials are obtained, say from a breach, this could result in account takeover. Using SearchLight, organizations can continuously monitor for credentials in breaches to prevent compromise even further. We’ve currently collected more than 14 billion credentials – a number that continues to grow.
3. Keep track of incidents affecting suppliers: Access a wealth of timely updates on incidents which may affect your suppliers, simply by accessing our intelligence library. Using Office365, Intel, or WordPress? Just filter by that tag and you’ll be alerted to incidents involving those technologies.
Figure 3: Stay up-to-date with public incidents affecting your supply chain
4. Tailor your monitoring via Shadow Search: Using the ‘Saved search’ function in Shadow Search, you can easily monitor for mentions of third parties across our public intelligence library (as described above), but also any mentions across blog posts, dark web sources, and more.
Figure 4: Shadow Search: Monitor for mentions of your supply chain across a wealth of sources
Want to see how all of this works? Search for your own third parties in Test Drive. Request a demo of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection)here.
Protect your data, whoever exposes it
Don’t assume your data is safe because you’ve completed a vendor risk questionnaire, or the third-party has a promising risk score. Data finds a way online, and you should find a way to detect it when it does.
To learn more about data leakage detection, check out our resources at https://resources.digitalshadows.com/data-leakage-detection.