They say a chain is only as strong as its weakest link. That holds true with cybersecurity practices as well. Most companies outsource services to companies like yours. And what we do to protect ourselves directly impacts the overall cybersecurity postures of our customers.
Examples of How Third-Party Breach Affects Your Business
The first example revolves around the Kaseya VSA ransomware attack that occurred in July 2021. In a short summary, the attack didn’t just affect Kaseya. It also affected Managed Service Providers who used their software and their customers. Further, this breach affected an estimated 2000 businesses. As a result, customers were told to shut down their servers until told otherwise. Meanwhile, the internal team tried to figure out the cause of the problem.
Now, let’s take a look at camera maker Verkada. Login information for their admin tools were found online. Consequently, hackers were able to view videos from nearly 150,000 cameras. There were all sorts of video footage. This included prisoners in county jails, factories for carmaker Tesla, and the offices of Internet-infrastructure firm Cloudflare.
Why Do Companies Want to Know My Cybersecurity Practices?
There’s a lot of talk around third-party vendor risk management. The Kaseya example above is one of the many reasons why. Companies that you do business with want to know what you’re doing to protect yourself and the information and resources you’re providing to their business. Therefore, you’ll likely begin seeing cybersecurity risk assessment questions on Requests for Proposals and as a part of Master Service Agreements. Vendor risk assessments are here to stay!
Furthermore, an effective way to build trust with your clients is to follow a cybersecurity framework. NIST CyberSecurity Framework is one example. By following the framework, it demonstrates to clients and partners that you take, not just your own, but also their security seriously. For help on how to best implement the NIST cyber security framework, contact QuickProtect.