1(630)802-8605 Ravi.das@bn-inc.net

There was a time when in this world, we could literally trust anybody with anything.  Whether it be a babysitter, or a pet sitter, or even just somebody looking out after our house or business while we were away, we had absolute faith that nothing bad would happen, at least not maliciously from their end.  If anything were to happen, we would also have the faith that they would call us back immediately and tell us.

These other entities to whom we had this ingrained trust are in technical terms known as “outside third parties”.  However, as time has gone on, and with Cyber threats escalating by the moment, trust in third parties has quickly eroded, especially when it comes to managing the IT Infrastructure of a business or a corporation.

When we do want to hire an outside third party to help manage our IT Infrastructure, we have to first build up that level of trust by conducting extensive background checks, credit checks, interviews, etc.  Only once this has been accomplished can a certain degree of comfort be established.  Even then, we will always have our guard up, no matter what.

However, building this level of trust is not just about physical outside entities; it also comes into play when we are using third party software applications that we have never even heard of before.  This is especially true when it comes to downloading things like mobile apps.  I have written about this in previous blogs, and even this is now a prime target for the Cyber attacker.

Although Apple and Google do reasonable security checks (actually Apple does a much better job, in my opinion) before they upload any mobile apps to their respective stores, there is always the risk that an end user can download a malicious or rogue app and cause widespread havoc, not only on their own Smartphone, but on others as well.

For example, the latter is known as a “Botnet” attack, in which one compromised Smartphone is used as a source from which to launch attacks on other Smartphones.

This is exactly what recently happened in Mexico.  Apparently, a vulnerability in software developed by a third party, which had been used to connect payment systems, was exploited and the systems were hacked into.  The latest updates reveal that at least five major Mexican banks were impacted, and from there, the money was then transferred to various fake accounts.

The financial damage is enormous: it is estimated that the Cyber attackers made off with at least 300 million pesos ($15.4 million), while others have reported that as much as 400 million pesos may have been stolen.

In order to make off with such a large amount, there is even speculation that this could very well have been an inside job as well (something, again, which I have written on – you can view the archives on my blog site).

According to CyberGRX Chief Information Officer Fred Kneip, a top-ranking Cyber security official:  “As the SWIFT Network learned after an attack on a member bank led to a costly breach, it only takes one vulnerability for attackers to gain access to your network and ride in on a trusted connection.”  (SOURCE:  https://www.scmagazine.com/mexican-bank-cyberheist-nabs-millions/article/765804/)

He also noted that Cyber attackers are also prowling third party vendors, one of the prime reasons being that their levels of security tend to be much lower than those of other types of business entities.  Keep in mind that with third party vendors, most of their attention is given to how much business volume they can drive – not so much to the security standards that they have set forth, or should have established in the first place.

In these cases, if you are a business owner who needs to hire a third party vendor to help you accomplish your business tasks, you of course need to do your own due diligence.

This means conducting the background and credit checks, interviews, and visiting the third party vendor on site in order to make sure that their security systems come up to snuff with your own expectations.

But even then, this is no guarantee.  As we know, anything can happen.  But by doing your own due diligence, you are legally protecting yourself, because if there is a security breach at the third party vendor and customer information/data is lost or stolen, then you are the one held responsible, not the third party vendor.

Also, maintaining open lines of communication with the third party vendor you select is equally crucial.  In other words, don’t just dump work off onto them; rather, try to strike up a solid relationship so that not only is that level of trust built up, but a long-lasting business relationship as well, so you can keep using them over and over again for your future needs.

I actually hosted a webinar back in January about the security risks posed by third party vendors, and you can get a lot more information from that, as well as a free, informative whitepaper, at this link:

https://infosecinstitute.wistia.com/medias/tgph18nm08