Dealing with a Cyberattack on a Third-Party Vendor: A Comprehensive Guide
Guide on Reacting to a Business Data Leak from Suppliers
In the wake of an escalating number of cyberattacks during the COVID-19 pandemic, businesses must be prepared to respond effectively to potential threats, especially when they originate from third-party vendors. This article outlines the essential steps to minimise the impact of such incidents, focusing on preparedness, rapid response, and mitigation strategies.
Preparedness
- Risk Assessment: Regularly evaluate the vendors handling sensitive data or critical operations to identify high-risk entities[1][4].
- Secure Contracts: Incorporate stringent security standards and incident response requirements into contracts with vendors[4].
- Business Continuity Planning: Integrate vendors into business continuity plans, accounting for the potential impact on operations and for data recovery time objectives (RTOs) and recovery point objectives (RPOs)[2].
- Cybersecurity Drills: Collaborate with critical vendors on cyber-attack scenario exercises to develop coordinated response strategies and ensure open communication channels[2].
Rapid Response
- Incident Response Plan Activation: Promptly activate the incident response plan upon learning of a breach, ensuring all stakeholders are informed and roles are clear[3].
- Clear Communication: Establish clear communication channels with the vendor for timely updates and cooperation throughout the response process[2].
- Data Containment: Implement measures to contain the breach, if possible, to prevent further data exposure. This may involve isolating affected systems[3].
Mitigation
- Assess and Isolate Impacted Systems: Rapidly assess and isolate systems or data that might be compromised due to the vendor's breach to prevent further damage[3].
- Contractual Remediation: Explore legal remediation options if contractual obligations were breached, aiming to enforce compliance and seek compensation if necessary[4].
- Supply Chain Redundancies: Introduce redundancies or alternative suppliers to reduce dependency on the affected vendor, ensuring business continuity[2].
- Post-Incident Review and Improvement: Conduct a thorough review of the incident to identify lessons learned and implement improvements to prevent similar breaches in the future[4].
In the event of a cyberattack, it's essential to ask the vendor about the status of the attacks, whether the data breach has been stopped, how the attackers gained access, whether there was an information leak, whether it was intentional, whether the vendor has cyber insurance, and whether they will cover legal fees for evaluating breach notification obligations[5][6]. Additionally, contact your third-party security consultant immediately to begin formulating a plan[7].
It's crucial to secure data immediately to minimise the impact on the business[8]. Identity and financial fraud, in which cybercriminals impersonate a business and make purchases in its name, is often the end goal of cyberattacks[9]. Approximately 56% of companies have experienced a data breach caused by one of their vendors[10]. Credential stuffing is a form of cyberattack in which stolen credentials are injected into multiple login forms to gain access to confidential systems[11].
To determine whether the data leak can compromise your system, ask the vendor about the progress of their investigation, the investigative firms they are working with, and whether a report is available[12]. Be prepared to act swiftly, stay calm, and protect your business in the face of a cyberattack.
- To ensure compliance with security standards, it's advisable to review the contractual agreements with vendors and verify the inclusion of cybersecurity requirements.
- In the event of a cyberattack on a third-party vendor, it's crucial to collaborate with the vendor's forensics team to investigate the cause and extent of the attack.
- As data breaches can have far-reaching implications, it's essential to understand the vendor's cyber insurance policy and its coverage for breach notification obligations.
- In light of the rising number of cyberattacks, it's crucial for businesses to invest in technology-based solutions to bolster their cybersecurity capabilities, along with reference resources dedicated to cybersecurity best practices.