Phishing trends: Are your suppliers an unexpected security risk?

Preparing your organisation against every possible kind of cyberattack is only a viable tactic if your suppliers and partners uphold the same high standards. If a SaaS supplier, for instance, falls victim to a hack or data breach, its customers are in danger as well.

A recent example of the actual risk to an entire ecosystem could be seen at the end of 2020 and the start of 2021. When security specialist FireEye discovered a nation state attack on SolarWinds, it had far reaching consequences. All around the world, companies and governments were put at risk because of vulnerabilities in one supplier’s security infrastructure. High profile victims included Microsoft, MalwareBytes and the United States Government.

Protecting yourself from the risk posed by suppliers or partners can be extremely difficult: it is impossible to control or supervise their (critical) infrastructure and once an organisation has truly incorporated, for example, a SaaS solution, it has no other option but to trust in the solidity of their partner’s security.

Nevertheless, it is always possible to discuss a supplier’s defence mechanisms. It is every organisation’s duty to question new partners’ ways of working concerning cybersecurity – if a supplier is using outdated protocols, they have to be held accountable for endangering the ecosystem. Always ask which certifications they follow or whether they are educating their staff on new procedures and techniques.