What Businesses Can Learn From 2022’s Biggest Third-Party Data Breaches

Written by Safous | Mar 14, 2023

Data breaches have become an increasingly common problem in the world of business technology, and 2022 was no exception. Over 50% of organizations reported experiencing a third-party data breach last year [1]. And as data breaches resulting from compromised credentials cost $4.50 million on average [2], it’s clear that business leaders need to make implementing stronger third-party access controls a top priority in 2023 and beyond.

Along with a higher risk of data breaches, some of the most significant challenges of third-party access include:

  • Having limited control or visibility into how a vendor handles your company’s data.

  • Meeting regulatory compliance, especially if a vendor isn’t adhering to the same standards.

  • Knowing which tools and services can best help your IT team monitor third-party access.

While managing third-party access can be complicated, neglecting it creates substantial risk for your business. In this blog, we’ll take a closer look at three of the biggest third-party data breaches of 2022 and the lessons we can learn from them about reducing risk.

1. Okta

Okta, a leading enterprise identity and access management company, was breached in January 2022 by the Lapsus$ hacking group. 355 organizations were impacted by the breach, which was attributed to an attack targeting Sykes, a third-party vendor that provided Okta with customer support services.

Takeaways: The Okta breach serves as a reminder that companies need a robust third-party risk management strategy to mitigate breaches as quickly as possible. And as certain types of third-party vendors – such as customer service providers – are a more attractive target for hackers, it’s important to prioritize monitoring and managing the vendors who pose a greater risk if compromised.

2. Toyota

The auto manufacturing company Toyota was forced to shut down operations when its plastic supplier, Kojima, suffered a data breach in February 2022. The breach disrupted the operations of Toyota’s subsidiaries and hurt Toyota’s bottom line by halting car production.

Takeaways: In Toyota’s case, properly vetting its third-party suppliers could likely have prevented some damage. Be aware of the security measures your third-party providers have implemented and don’t hesitate to negotiate better ones if they’re not up to your organization’s standards.

3. Highmark

Highmark Health, a healthcare delivery and financing company, reported a data breach in March 2022. The attack targeted Quantum Group, a printing and mailing services provider hired by WebbMason, the company that provided Highmark with marketing services. Over 67,000 customers were affected by this breach, with hackers accessing sensitive information such as names, dates of birth, medical prescriptions, and Highmark member IDs.

Takeaways: Even your third-party vendors’ suppliers can pose a risk, as was the case in the Highmark breach. Because fourth parties, or “nth” parties, are farther removed from your business, tracking the companies used by your third-party vendors with a third-party management program is critical.

Safous: Your Partner in Third-Party Data Breach Prevention

Third-party data breaches are an ongoing threat to businesses of all sizes. But by prioritizing cybersecurity and implementing strong access controls, you can protect your organization – and your clients' sensitive data – from malicious attacks.

Safous ZTA employs multi-factor authentication and single sign-on tools to prevent hackers from entering your network. Because our platform controls access at the application level, cybercriminals can only access limited resources in case of a breach. And with Safous ZTA, all customer data is stored in the customer’s network – not in the cloud. Schedule a demo today to see Safous ZTA in action and learn more about how we can help you keep your business network safer than ever.

 

Sources: 

  1. https://venturebeat.com/security/report-54-of-organizations-breached-through-3rd-parties-in-last-12-months/
  2. https://www.ibm.com/downloads/cas/3R8N1DZJ