Idan Tender, CEO, Fortscale

Author Archives: Idan Tender, CEO, Fortscale

Top 5 security threats from 3rd parties

 This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

From Target to Ashley Madison, we’ve witnessed how interconnections with third-party vendors can turn an elastic environment -- where devices, services and apps are routinely engaging and disengaging -- into a precarious space filled with backdoors for a hacker to infiltrate an enterprise’s network. Here are the top five threats related to working with 3rd parties:

Threat #1 - Shared Credentials. This is one of the most dangerous authentication practices we encounter in large organizations. Imagine a unique service, not used very frequently, requiring some form of credential-based authentication. Over time, the users of this service changes, and for convenience considerations, a single credential is often used. The service is now accessed from multiple locations, different devices and for different purposes. It takes just one clumsy user to fall victim to one {fill in the credential harvesting technique of your choice}, to compromise this service and any following user of that service.

To read this article in full or to leave a comment, please click here