Clark: How third parties can end up compromising your data

    In a world where a single weak link can compromise an entire network, ensuring the security of your supply chain is not just good practice—it’s essential. Take action today to protect your business from the vulnerabilities posed by third parties.
    Dec. 2, 2024

    In today’s interconnected business landscape, working with third-party suppliers is necessary for most organizations. However, this reliance also brings risks, particularly in cybersecurity. Suppliers and vendors, often seen as extensions of a business, can unintentionally become significant vulnerabilities that cybercriminals exploit.

    A report released earlier this year by SecurityScorecard highlights the scope of the issue. According to the research, “98% of organizations are affiliated with a third party that has experienced a breach, and these third-party attacks account for 29% of all breaches.” These numbers are staggering, emphasizing the importance of addressing security risks beyond your internal operations.

    So, what makes third-party suppliers a common entry point for hackers, and how can your organization mitigate these risks? Let’s dive deeper.

    Why third-party suppliers are a target

    Third-party suppliers often lack the same robust cybersecurity measures as larger organizations, making them attractive targets for attackers. Here are some common reasons why they pose a risk:

    • Insufficient security practices: Many suppliers prioritize convenience over security, failing to adopt comprehensive protection measures. For example, outdated software, weak encryption, or lack of multifactor authentication can expose vulnerabilities.
    • Unawareness of cyber threats: Smaller vendors may not be aware of the sophisticated hacking techniques used today. This lack of awareness means they might not promptly recognize or respond to breaches, giving attackers more time to exploit their systems.
    • Shared access points: Vendors and suppliers often require access to sensitive systems or data to perform their duties. These shared access points can serve as gateways for cybercriminals to infiltrate your network.
    • Complex supply chains: With multiple layers of subcontractors, each with potential vulnerabilities, ensuring security across the supply chain becomes increasingly challenging.


    How to protect your company from third-party vulnerabilities

    Just this past week, I wrote an article addressing the need to educate your employees on identifying and protecting against ransomware. But educating your workforce isn’t enough. Mitigating the risk of supplier-caused breaches involves proactive measures and continuous oversight. Here are some best practices to help safeguard your organization:

    • Conduct thorough and ongoing security assessments. Regularly evaluate your vendors’ cybersecurity practices through:
      • Questionnaires and audits: Request details about their security policies, certifications, and incident response plans.
      • Third-party security ratings: Use tools like SecurityScorecard to assess a vendor’s cybersecurity posture.
    • Limit third-party access. Adopt the principle of least privilege, granting access only to the systems or data they absolutely need. You can do this with:
      • Network segmentation: Isolate sensitive areas of your network to prevent a breach in one system from spreading to others.
      • Temporary credentials: Use time-bound access credentials that expire once a vendor’s task is complete.
    • Implement strong contractual agreements. Include cybersecurity requirements in your vendor contracts. These should specify:
      • Compliance standards: Vendors should adhere to industry-specific regulations.
      • Breach notification: Require vendors to notify you immediately if they experience a breach.
      • Liability provisions: Outline consequences if their negligence leads to a breach affecting your organization.
    • Use continuous monitoring tools. Technology can automate the monitoring of your vendors’ cybersecurity practices. Tools can track potential vulnerabilities, flag risks, and provide real-time insights into a supplier’s compliance with your security requirements.
    • Educate your vendors. Not all suppliers have the resources to maintain robust cybersecurity measures. Just as you educated your workforce, you should consider offering training, sharing best practices, or collaborating on security improvements. This can strengthen your entire supply chain.

    The importance of a collaborative approach

    It’s important to remember that, in most cases, a third-party breach is inadvertent, with no malice on the supplier's part. Protecting against third-party breaches requires collaboration between your organization and suppliers. Treat cybersecurity as a partnership:

    • Share threat intelligence: Inform your vendors about emerging threats and encourage them to do the same.
    • Promote transparency: Create an open line of communication to address security concerns without hesitation.

    Protecting against cyberattacks is an “all-hands-on-deck” effort

    In a world where a single weak link can compromise an entire network, ensuring the security of your supply chain is not just good practice; it’s essential. Take action today to protect your business from the vulnerabilities posed by third parties.

    About the Author

    Jane Clark

    Senior VP of Operations

    Jane Clark is the senior vice president of operations for NationaLease. Prior to joining NationaLease, Jane served as the area vice president for Randstad, one of the nation’s largest recruitment agencies, and before that, she served in management posts with QPS Companies, Pro Staff, and Manpower, Inc.
