
Third-Party Data Breaches

What are third-party data breaches and how do you prevent them?


In the modern world, companies rely on complex supply chains of different vendors to offer their goods and services. A company might use one vendor to run its payroll and another to provide its email service.

These third parties face their own security risks and have their own cyber security attack surface. When an attacker compromises a third party, the attacker can then access the data of that third party's clients.

A third-party data breach occurs when one of your vendors is compromised and as a result, your data is also breached. Let’s take a look at an example of this.

Example: Credential Stuffing

In credential stuffing attacks, the compromised login information from one website is used to gain control of accounts on other websites using the same credentials. For example, if you use the same username and password on a pizza delivery website as on an online banking site and the pizza delivery website is compromised, those details can then be used to take control of your online banking.

Security measures like enabling two-factor authentication (2FA) and generating distinct passwords for each website using a password manager can help prevent these kinds of credential stuffing attacks.

By checking for 2FA support in vendor risk assessments, you can help prevent these kinds of attacks. Tools like Risk Ledger allow you to systematically understand the risks of third-party vendors by understanding how well they adhere to various forms of security best practices. These tools can then go deeper, to understand fourth- and fifth-party security too.

Example: Data Sovereignty

Regulations increasingly require tighter controls when data is transferred outside of various jurisdictions. For example, the EU’s GDPR restricts the transfer of data outside the European Economic Area (EEA). When data is transferred between different jurisdictions, tighter rules can apply to ensure that the same data governance principles are adhered to.

Platforms like Risk Ledger help ensure that suppliers treat your data with the same level of care as you do internally. They also let you check that those suppliers in turn use trusted vendors who adhere to data protection best practices.

Preventing Third-Party Data Breaches

To protect your data, it is important to continuously understand how well your vendors adhere to security best practices. Before onboarding new vendors, assess them for security best practices and only give them as much access to your data as they absolutely need. Throughout the vendor lifecycle, keep abreast of any changes.

If you want to take the manual overhead out of staying on top of your supply chain security, consider using a tool like Risk Ledger.
