Last week’s gigantic data breach at OneLogin is a grave reminder of the data security risks posed by insecure supply chains.
Although using password managers is generally considered good practice by information security managers, it also means that an organization using only one such supplier has a single point of failure.
Early last week, OneLogin detected unauthorized access to its data in the US. The compromised data included the keys for decrypting customer data. Over 2,000 enterprises globally use OneLogin for password management.
Security risks threaten the supply chain
This breach drives home how quickly security incidents cascade down the supply chain. If a supplier with access to your data is affected by a cyber attack, the odds are that your data will be compromised.
Even though password managers like OneLogin come with a strong reputation and a fairly clean security record, this case should be a wake-up call for businesses about the importance of properly evaluating suppliers’ information security credentials.
Information security within supply chains is still widely overlooked
Data security breaches have been known to wreak havoc on supply chains. Retail giant Target suffered one of the biggest breaches when malware-laced phishing emails were sent to its air conditioning supplier.
The breach cost Home Depot $152 million with a total cost exposure predicted at $10 billion.
Why ISO 27001 is the world’s leading information security standard
ISO 27001 certification allows organizations to assure clients and suppliers that they have implemented best-practice information security processes.
Almost half of the organizations that responded to a global IT Governance survey in 2016 said they’ve been asked for ISO 27001 certification by their suppliers in the last 12 months.
Get started with ISO 27001 today
Get in touch with IT Governance today to find out how we can help you implement ISO 27001 or conduct a comprehensive audit of your supply chain.