How Red Team Services Can Protect from Vendor Vulnerabilities

Every company in operation has vulnerabilities. It’s fair to say that vulnerabilities never truly go away in your business’s environment, but you do your best to maintain the integrity of your data. No matter how tight your cybersecurity, there will always be some amount of vulnerability, especially when you factor in human error. That’s why it is so essential to always have your finger on the pulse of your network operations and to keep a consistent schedule for the maintenance and monitoring of your data.

The same goes for larger corporations that provide services through their web applications, such as Slack, LastPass, Dropbox, Google, Apple and Android, among others. These are reputable companies that we all know and use, but they have recently been highlighted for vulnerabilities. What happens when your business uses a vendor that is vulnerable? What happens to your data, or to the data of the customers who depend on your service? The answer: you all become vulnerable too. Their vulnerabilities now become your vulnerabilities.

When your vendors are vulnerable, so is your network and, therefore, your customers.

While you do your due diligence to keep your data safe, the larger vendors that we are all familiar with do their best to keep their networks secure as well. It is important to understand first that these top players are targets for cyber criminals and always will be. They understand that it is their responsibility to patch their vulnerabilities promptly. However, being such high-profile companies and top targets, sometimes accidents happen, and when a vulnerability is found it can leave your network open to an exploit and, therefore, your customers’ information as well.

On March 2nd, a researcher reported some serious vulnerabilities in Slack that could potentially have been exploited to obtain information from its users’ accounts. After they were discovered, Slack acted quickly to patch the vulnerability. Slack claims that during this short window no user was exploited, but that wasn’t the case the first time the company had a similar issue, last April, when over 1,500 authentication tokens were accidentally posted. What does this mean for those who use Slack as an internal messaging application? All internal messages, including those that have been archived, could potentially have been exposed, along with any customer information and shared documents, during the time that the vulnerability went unnoticed.

Recently, Google has been getting some attention for vulnerabilities found in its automated advertising system. These vulnerabilities are scaring large advertisers away from using Google as an advertising outlet. Though Google’s engineers are currently fixing the holes in the system, the longer it takes Google to patch the issues, the longer some advertisers remain exposed to potential attacks. If your business depended on Google for advertising, you would be exposed to similar vulnerabilities that could cost your business personal information or perhaps a hefty ransom.

Apple customers may have just updated their iOS software to the new 10.3, but what users aren’t aware of are the vulnerabilities that came with it. As the update was released, Apple addressed a flaw in iOS 10.3 after discovering that hackers were using it to abuse Safari, permanently lock users out of their browser and then demand money from their victims. Imagine if you provide an iPhone to some of your employees for business. What would happen to your company if they were the ones who were exploited?

Perhaps one of the best and most relevant examples is the Yahoo breach highlighted in the news recently. What started as a phishing email in 2014 was only discovered later, while Yahoo was combing through its network and patching vulnerabilities. It was soon realized that Russian hackers had gained access and stolen data from over 500 million Yahoo accounts. Though it wasn’t the first time Yahoo was breached, this certainly is the largest breach in history to date. Now imagine your business depends on Yahoo for an email service. Personal information about your company, customer interactions, financial information and more could be linked to that account, all to end up in the hands of cyber criminals.

To avoid your company’s exposure and to protect your customers, look to red team services for help, and continue to conduct regular vulnerability assessments. You have the right to know what your vendors are doing to ensure they are secure and private. Don’t be afraid to ask for proof.

Again, let’s reiterate that these companies, and others that you hear about in the news, may be operating responsibly and conducting regular vulnerability assessments to help ensure that these incidents don’t happen. However, when they do happen, it is crucial that you be aware that you and your clients are susceptible to those holes in security as well. To avoid your company’s exposure and to protect your customers, continue to conduct regular vulnerability assessments with your Managed Security Service Provider. Regular employee awareness training is also a key component in ensuring that your staff is aware of cyber threats and how to handle them. Lastly, it never hurts to keep track of the vendors and applications you use often, to make sure that they aren’t making headlines over their data security.
