Ellen Messmer reports:
An in-depth study of data-breach problems last year where hackers infiltrated 312 businesses to grab gobs of mainly customer payment-card information found the primary way they got in was through third-party vendor remote-access applications or VPN for systems maintenance.
“The majority of our analysis of data-breach investigations — 76% — revealed that the third-party responsible for system support, development and/or maintenance introduced the security deficiencies exploited by attackers,” the Trustwave report published today states.
Read more on Network World. Steve Evans of CBR also covers the release of the report, which you can access here (pdf).
And still, what can you do to prevent this data breach?
Your SLA should include third-party audit of provider and practices that are reviewed quarterly. When you outsource the gear, that doesn’t include the responsibility.