Third-Party Vendors a Weak Link in Security Chain

Discussion in 'other security issues & news' started by ronjor, Mar 6, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    http://www.esecurityplanet.com/netw...ty-vendors-a-weak-link-in-security-chain.html
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Very informative, Ron. It makes it difficult for consumers/customers to know the various relationships between a company they do business with, and its 3rd party vendors.

    How are customers to be sure that it is safe and secure to do business with a company?

    I don't know how to answer that; do you have some advice?!

    (Recently, I've been purchasing locally with cash and check. I don't know how long this will last...)

    thanks,

    ----
    rich
     
    Last edited: Mar 6, 2015
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Good question.

    As far as cash and checks go, I was the victim of forged checks this past December. They acquired my account number, forged some checks, went on a spending spree while draining my checking account. I was covered by the bank but it certainly was a big surprise.

    I suggest you check your credit and banking accounts daily for anomalies.

    Forgery is an easy way to rob people. Your account number is on every check you write.

    I know for a fact that a lot of banks use this third party company. http://www.jackhenrybanking.com/online-and-mobile/pages/netteller-online-banking.aspx

    Not a lot anyone can do except hope the third party company is security aware as suggested in the article.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    It's a failure of companies to properly vet third party vendors. Or in some cases, being cheap/lazy and outsourcing something that shouldn't be outsourced. If you outsource there should be standards/practices, with regulations on this. We see people hacked every day by outsourced IT tech for example. No proper vetting, no proper oversight.. Just 'hire that company in India, it's cheaper!'.. Reckless.. These companies should face massive fines.

    Almost everything is compromised right now by the way. People will find out soon enough just how compromised. When it 'hits the fan' that's when changes will need to be made on a wide scale. Govt. weakening of encryption, and other security will only harm ALL OF US, we should be going the other way - strengthening security/encryption/privacy. There will be far reaching, negative consequences of our govt's shortsightedness.
     
  6. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I agree. An individual usually has no control over what the 3rd-party companies/vendors do. They can promise to do their best but still fail. Personally speaking, I can't possibly keep track of each and every company that I deal with to ensure that they keep up with security/privacy standards. If I need the service, I have to just take the risk. It's like when I choose to take a cab or a bus...I am practically entrusting my life to the driver.
     
  7. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    It's really disgraceful that when a company was compromised they say it was a 3rd party and not themselves who had the problem.
    They should be responsible for all 3rd parties they confided in, and a 3rd party shouldn't be used as an excuse. What they are responsible for is whether their customer data are damaged or not, regardless of whether it is a 3rd party or themselves.
     