The next cab off the rank is Latitude Financial which at this point seems to be targeted toward drivers’ licenses and customer records. According to Latitude Financial’s update to the market on Thursday, the company detected what is called ‘unusual activity’ on its systems ‘over the last few days’, originating from a major vendor used by the organization. This statement raises 2 key points that are becoming more and more frequent with the businesses we talk to recently.
Firstly, ‘unusual activity’ – It is common for this to happen over a few days before it’s detected and converted into with the right people receiving notification which is just too late. The damage was done days ago. This is common simply because businesses don’t have the rights monitors and alerts in place to notify the right people quickly. The capability to monitor for evidence of compromised accounts is antiquated for the most part.
Secondly, originating from a vendor used by the organization, is also a common weakness in the chain of security. How often do you perform security assessments on your vendors? Do you demand evidence of their Policies, Training, Awareness, and Compliance positions? Do you know the high-level position of their Security engineering? How often do you report on these findings and postures to the executive?
If you have 3rd party vendors and you don’t know the answer to these questions then you are in a vulnerable position. It only takes 1 door to open. This is why we offer to conduct data privacy and security assessments so you can formulate a security profile for each of your vendors. It’s crucial.
