Today is Groundhog Day and oddly enough I am iced-in here in North Texas just outside of Dallas. And with temperatures averaging about 30 degrees and the roads beautifully decorated with ice and snow, not many people are going anywhere anytime soon. On the bright side, working from home gives me the opportunity to get caught up on my industry reading and this became apparent I needed to write something about supply chain partner security.
With a dog on my lap, a little music in the background, and a fresh cup of coffee I was all set to sit down and create a post reminding people to ensure all of their connected partners and vendors are secured, but then I saw this article from Security Week https://www.securityweek.com/98-of-firms-have-a-supply-chain-relationship-that-has-been-breached-analysis/ and thought - they've already done the research I was going to do...why not just reference their article and the associated study? So that's what I'm doing.
I will add that you absolutely must have cybersecurity standards that your partners and vendors need to meet. If not...they are your weak link! Don't think the big name service providers have issues? Here's a small sampling of some of the big name vendors and service providers that I'm sure many of you use:
- Zendesk had a data breach that resulted from employee account credentials getting phished by hackers.
- SugarCRM had thousands of accounts compromised through an exploited vulnerability
- Twilio and Cloudflare were part of a massive phishing campaign that targeted at least 130 other organizations
- Secure communications firm Signal was breached
- Mailchimp and Klaviyo were also part of supply chain attacks
- Solarwinds and Kaseya were also breached impacting not just their MSP/MSSP partners, but also the partners customers
If you're interested, our MDR/SOC service can be bundled for better pricing options for both you and your partners or service providers. Hey, I'm even willing to offer you a referral bonus for each new customer you send my way that signs. Just use the below form to let me know you're interested or if you already know a business that could our help.