'Trusted' Third Parties Responsible For Almost Half Of All Break-Ins
Prachi Patel-Predd writes in IEEE Spectrum:
If you’re the owner of a retail-store chain or a financial-services company, it is your responsibility to keep your customer’s credit card number or social security number safe. But how can you control what goes on outside your company’s doors? Your credit card machine’s vendor could overlook a software vulnerability. Or an employee at the call center handling your customer-service calls could turn sour on his employer.More here.
Data breaches involving trusted third parties—business partners, vendors, suppliers, and contractors—are alarmingly on the rise, according to a recent investigation by the security team at Verizon Business. While studying about 500 incidents worldwide between 2004 and 2007, the RISK Team found that cases involving partner organizations, willing or unwitting, went up fivefold, reaching 44 percent in 2007. Hackers and other outsiders, meanwhile, were directly responsible for close to 80 percent of the breaches. (There was some overlap among the cases.)