Eight per cent of your partners may be a high security risk: Study

One of the weakest links in an organization’s IT security may be the most obvious: The telecom provider.

That’s one of the implications of a report issued Tuesday by security vendor Skyhigh Networks, which examined the vulnerabilities online partners open up to their unwitting customers.

“The industry with the largest percentage of high-risk businesses is telecommunications, with 30.4 per cent companies rated as high-risk,” says the report.

Twenty-eight per cent of agriculture and mining companies are high-risk, followed by 21 per cent of construction and real estate companies, which includes heating and ventilation (HVAC) companies like the one exploited in the estimated US$148 million Target stores breach to compromise the retailer’s data and systems.

The study examined partners (everyone from service providers to suppliers, including SaaS services such as Office 365, WebEx, Box and others) used by 17 million cloud users (15 million last year).

Risk was judged by using attributes like compromised accounts for sale online, the number of machines infected with malware, and the presence of unpatched vulnerabilities such as Heartbleed and POODLE.

Overall, Skyhigh estimates eight per cent of partners are a high cyber security risk to the companies they deal with due to the potential for compromise. Thirty-seven per cent ar e low-risk from a cyber security standpoint.

Of those high-risk companies, the report said at the time of the survey all had systems still vulnerable to the POODLE vulnerability in SSL, six months after it was discovered.

There were other potential alarming discoveries:

–an unnamed advertising agency with 1,565 compromised identities available for sale across 29 darknet sites. The darknet is another word for the underground Intenet where stolen data and malware are trafficked;

— a company that provides technology for the financial services industry that has 1,216 compromised identities across 19 darknet sites;

–an airline with 209 machines infected with malware, and 9,716 compromised identities across 106 darknet sites;

–a heating and cooling company (different from the one in the Target breach) with 444 compromised identities across 15 sites.

The report is another reason for organizations to ensure that their partners use the latest security techniques, including two-factor authorization.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now