High-profile attacks reveal that malicious hackers target third-party vendors and supply chain partners as a backdoor into their primary target, according to CyberArk Software.
Organizations in every industry provide network access to third-party vendors, which range from services companies and suppliers to external consultants.
Attackers target less secure partners to compromise remote access points, steal and exploit privileged credentials, and gain access to targeted networks. From here, attackers can elevate privileges, move laterally through the network, and execute their attack goals while completely circumventing the targeted company’s defenses.
According to recent research, attackers are increasingly targeting this soft spot in cyber security:
- 60 percent of organizations allow third-party vendors remote access to internal networks
- 100 percent of advanced attacks exploit privileged credentials
- 63 percent of data breaches are caused by security vulnerabilities introduced by third parties
- 58 percent of organizations have no confidence that their third-party vendors are securing and monitoring privileged access to their network.