Many organisations rely on third-party software, such as services for email, hosting, CRM, or accounting systems, to support different parts of their business.  

While this software can improve productivity, it is essential to check the impact it has on the rest of your system. Without re-testing and checking for updates, your business could be open to any number of attacks.

Third-party software, also known as supply chain, vendor-supplied or outsourced software, is any program created out of house or compiled using off-the-shelf or open-source code. This is where potential problems can arise.

The beauty of third-party software, including open-source code, is that a business can easily integrate additional applications into existing systems. The downside is that hackers can identify well-known vulnerabilities in that software and potentially exploit them. This exposes your business and could result in your whole system being infiltrated by bad actors.

Chris Blake, Director and Principal Data Protection & Privacy Consultant, said: “If you do choose to install third-party software, make sure you run a risk analysis with it. It is important to understand how these programs impact your operations and have a plan of what to do if they fail.

“Check with the vendor to ensure they have a way to track and identify vulnerabilities within their software. When a vulnerability is identified, how and how quickly do they respond?”

When undertaking due diligence on the software, ask the vendor what risk assessments they’ve carried out and how they prioritise and process security issues that result from testing. Don’t stop there. Perform your own test on the software in your system.

Chris added: “If the programs are not tested for security on the same level as in-house processes, it could leave your whole system vulnerable to malicious attacks. Run regular vulnerability scanning and penetration testing to identify security risks.”

