With organizations increasingly relying on third-party vendors, upping the third-party risk management (TPRM) game has become imperative to prevent the fallout of third-party compromises.
Third-party risks
SecurityScorecard recently found that 98% of organizations are connected with at least one third-party vendor that has suffered a data breach in the last two years.
When an organization lets a third-party vendor access its network, potential vulnerabilities become a shared problem, and a compromise can have serious consequences for both. It can result in:
- Customer service disruption
- Violation of regulations or laws
- Reputational damage
- Supply chain disruption
- Financial fraud or exposure
One third-party compromise in particular marked the year 2023: A series of data breaches occurred due to the mass exploitation of a vulnerability in MOVEit, a popular file transfer software, leading to data theft from various international government entities and businesses.
Despite Progress Software patching the flaw in May, the Cl0p data extortion gang had already exploited the vulnerability extensively, with affected organizations continuing to disclose MOVEit-related…