Business connections and professional networks are integral to an organization’s success, but they also harbor risks that threat actors can use to their advantage.
We asked FireEye Mandiant consultants to describe a few of the unexpected points of access that threat actors could exploit when targeting a company’s relationships. They offered several insights into where these risks are lurking and what organizations can do about them. We compiled their comments and advice into an eBook, Cyber Risk in Business Relationships: How Every Business Expands Unseen Risks, that is available right now.
The following are some highlights from the eBook:
- Threat actors seek out all levels of connectivity: As the circle of connectivity expands, so does the attack surface. Contacts at every level, from business associates to channel partners and from employees to customers, increase an organization's susceptibility to a breach. Consequently, cyber security protections are needed that address these areas of risk, wherever they occur across the organization.
- Acknowledge risk by association: Business affiliations present avenues of access for threat actors. One company may be a more highly prized target than it expected just because it offers an easier path to customers and supply chain targets. Because larger organizations are expected to have more sophisticated security systems in place, wrongdoers infiltrate their partners to gain access.
- Service providers introduce their own set of risks: The “as-a-service” model speeds up technology adoption and accelerates companies down the road of digital transformation, but it also introduces vulnerabilities. All businesses are susceptible to risk from their service providers, including cloud providers and more. To protect business operations and assets, each service provider relationship needs to be scrutinized, and risk management efforts and security postures need to be strengthened accordingly.
- Businesses’ responsibilities extend to their relationships with others: When a breach occurs, liability isn’t limited to just one organization. Leaders must do all they can to protect not only their own business, but its connections too. In response to a cyber attack, every effort must be made to contain, control, report, and resolve the incident. And it is important to realize that a business might be held financially responsible for losses sustained by others who were placed at risk by their connection to that breached organization. Part of what makes cyber crime so costly is the obligation businesses have to their connections.
- Your own employees put you at risk: The people in an organization pose the greatest risk to security. The rapid pace of business, the way we work, and the plethora of distractions in our daily lives all conspire to make us vulnerable. We make mistakes. We rush. We open email, click links, and download attachments without a second thought. And in doing so, we put our companies at risk. That’s why organizations need new technologies and security experts to help keep business operations safe.
Learn more about the hidden risks and unexpected vulnerabilities that may reside within your own business relationships by reading our eBook, Cyber Risk in Business Relationships: How Every Business Expands Unseen Risks. Also, visit the FireEye cyber risk partners page for more information on how to better protect your business and its assets.