How to Protect Yourself When Working With Contracted Third-Party Vendors

Protecting Yourself against Third Party Vendors

Every week, we receive worrisome emails about security breaches, such as the following from United Airlines regarding an incident that took place in February 2021:

We’re writing to make you aware of an incident involving a third-party system provider that stores airline passenger data for one of the Star Alliance member carriers. The incident involved certain data being accessed…Out of an abundance of caution, you may want to change your MileagePlus account password…”

Far from being the exception, such breaches are becoming commonplace with hackers targeting businesses regardless of size.

Having worked for decades for the Department of Defense and several U.S. National Intelligence communities, our solemn concern that businesses learn to protect themselves against cyber threats isn’t unfounded.

This incident accurately shows the dynamics at play that expose businesses to online threats through the third parties they have contracted. While no significant damage has been reported in this incident, the breach did affect all airline members of OneWorld and Star Alliance of whom United Airlines is a member.

The issue here is that this will not be the end of such security breaches. In fact, owing to the increasing numbers of remote workforces, the attack landscape has expanded exponentially.

Every business – small, medium, and large – finds itself open to cloud breaches. With outsourcing being a major part and parcel of modern-day business best practice, how can enterprises protect themselves and their clients when doing business with third-party vendors?

We now know that there are at least 80,000 cyber-attacks each day and that the average ransomware payment jumped by 33% in 2020 to $111, 605.

69% of organizations are aware of the weaknesses in their anti-virus software and believe that it isn’t enough to block incoming threats. And they are right. Businesses need more than a simple anti-virus solution.

A predictive, pre-emptive, and potent cybersecurity defense system is required. This is not an opinion but solid advice coming from years of preventive research across various industries.

Our words come at a time when nearly half the U.S. labor force is working from home and enterprises are depending on contracted third-party vendors for a plethora of services. In writing this piece, it is an attempt to shed light on the vulnerability of most businesses. It’s not a question of ‘if’ a breach happens but ‘when’. And when that day comes, how prepared will you be to handle the situation?

If you’re still thinking that security breaches are nothing to worry about, perhaps you need to be reminded of some of the most historic data breaches to date and the kind of damage that can ensue:

A Twitter breach in 2020 saw hackers target the accounts of high-profile individuals such as Elon Musk and even presidents. Cybercriminals managed to swindle $121,000 worth of Bitcoin in the process.

The 2017 Equifax breach affected 147.9 million consumers and cost the company more than $4 billion.

Again in 2017, the notorious Wannacry virus wreaked havoc in 150 countries, affecting 400,000 machines resulting in $4 billion worth of damage.

We want you to look at the reality because pretending cybersecurity attacks won’t happen is a recipe for disaster.

In the email by United Airlines, they try to reassure their clients that “the only information potentially accessed were customer names, MileagePlus numbers, and Star Alliance statuses. No other personal information or passwords were exposed that would allow anyone to access [your] MileagePlus account.” This is an attempt to placate the situation yet this is already information no one else should be privy to.

For us, it is alarming to see that no attempt has been made to explain just how United Airlines intends to secure themselves against future attacks stemming from the contracted third-parties they are in business with.

There is no mention of improving systems as they believe their current ones are solid enough. They merely reiterated that “We have strong cybersecurity measures in place to protect your personal data, and both United and Star Alliance have reviewed our own systems and found no indications that they have been compromised in connection with this incident.”

From the beginning of our history, we have been at the forefront of presenting businesses with intuitive cybersecurity solutions, providing them with the kind of support they need: pre-emptive, strategic, and actionable.

Using reverse engineering methods – the very ones employed by hackers – we were able to design and build solutions that provide enterprises with intelligent defense systems. It’s never ‘just business’ for us when we’re recommending a product.

We enter into a personal relationship with our clients so that we fully understand their needs, explore weaknesses and vulnerabilities. Concern for enterprises and commitment to demystifying how hackers operate and the best practices companies can adopt to protect both themselves and the third parties they work with drives our experts.

Over the years, we have journeyed with enterprises, struggled with them to find the best line of defense as cybercrime took on a more sophisticated nature. We have stood in the trenches with them as we watched technology evolve and shape our world in so many ways.

As cybersecurity professionals, we spend countless hours exploring different hacker phenomena so we can guide and direct enterprises. It is from this place that we are able to honestly recommend intelligent solutions such as Threat Beta®, Threat Alpha®, and Cybeta Overwatch®.

These solutions have changed the defense systems of many enterprises and given them lasting security and peace of mind. This United Airlines incident, painful and threatening to imagine as it is, can be the wake-up call you need to take your business from vulnerable to secure.

Your business doesn’t have to be a statistic. Change is hard but adopting tried and trusted cybersecurity solutions is essential in today’s ever-evolving cyber landscape.

Get robust cybersecurity solutions for your business

Are you worried about these cybersecurity trends and the security of your internal networks? Cybeta provides predictive, pre-emptive, powerful, cybersecurity solutions that can help in the fight against cyber threats. Get robust protection from our Threat Beta, Threat Alpha, and Overwatch systems all developed by U.S. Intelligence-trained experts. Contact us for a consultation or more information.