Your vendor’s vendor might be the real breach risk
In this Help Net Security video, Chris Boehm, Field CTO, Zero Networks, breaks down how a vendor breach can become your breach.
He explains that attackers now target the subcontractors behind your trusted vendors. A compromised credential at a company you have never heard of can open access into your systems, because your vendor’s vendor holds keys you never vetted.
Boehm compares a stolen access token to a badge: whoever holds it gets waved through, since the badge itself is treated as proof, not the person carrying it. He walks through how one small breach travels up through a contractor and lands inside your environment, often sitting unused for months before anyone notices.
Boehm then lays out a tiering approach for vendor risk, based on how sensitive the data is and how deep the access goes, and argues that most security programs miss the subcontractors hiding behind every vendor they trust.