3 Ways to Fight Ransomware Originating From Third Parties


Digital transformation has advanced businesses globally into a new era of efficiency and interconnectedness; but it also has exposed organizations to new levels of risk and network endpoints that require monitoring.

In the past year, ransomware attacks have exploded in frequency, with an overall global increase of 105%, and even greater increases across certain vulnerable industries: government agencies experienced a 1,885% increase in ransomware attacks, and healthcare agencies saw a 755% increase in attacks. 

It’s not enough to just monitor your internal attack surface for indicators of ransomware; to effectively mitigate risk of ransomware attacks, it’s imperative to include vendor ransomware risk in your management strategy. Hackers utilizing ransomware are sneaky, and are constantly trying new ways to gain network access with as little trail as possible. This could mean that vendors that are normally low risk could be targets for undetected attacks, or that security performance blips that usually aren’t priority have a greater underlying story. 

One of the biggest ransomware attacks on record occurred when software company Kaseya unknowingly downloaded a network update infected with ransomware. The attack had a significant impact throughout Kaseya’s expansive third party network of users, leaving over 1,500 impacted organizations scrambling to decide what to do while their operations were in limbo. The Kaseya attack highlights how just one organization in your supply chain can have costly effects when ransomware is at play.

Ransomware groups might be growing in intelligence and power, but so is the global focus on cybersecurity preparedness and defense. Protect your network from vendor ransomware risk, and be a part of strengthening the digital economy by following these three key steps.

1) Establish your organization’s vendor risk threshold

It’s going to be impossible to treat every vendor the same. With the sheer number of third parties every organization work with to stay competitive, vendor risk managers must determine the level of acceptable risk for each vendor. 

A vendor your organization uses for event planning or office maintenance does not have the same level of network access as your payroll vendor, or healthcare provider. This means your organization can take on more risk from these lower-stakes vendors, and focus more risk monitoring and resource allocation on the high-stakes vendors. 

Using a tool like security ratings to evaluate a vendor’s current level of risk provides an external viewpoint of the organization, instead of waiting for a vendor’s self-assessment. You can also efficiently establish risk thresholds by tiering your vendors into risk-related monitoring groups, and assigning acceptable levels of risk to each tier. Your “top-tier” vendors would be those that require the most risk monitoring and who’s accepted level of risk needs to be low, or else risk remediation plans will be initiated. 

2) Implement vendor risk management procedures during procurement and onboarding

Fighting against vendor ransomware risk starts well before they’re connected to your network. Your vendor risk managers can take an important step to fighting ransomware by implementing third party ransomware defense policies as early on in the vendor procurement process as possible.

Do your vendor contracts include cybersecurity policies and risk requirements? Are potential vendors evaluated by your cyber risk team before they are considered by the rest of the business? Some ransomware indicators can reveal themselves in cyber risk assessments completed in the vendor due diligence process, saving your risk management team time down the road by identifying risky vendors now. 

Bitsight data has found specific program vulnerabilities are future indicators of ransomware attacks. If an organization has poor patching cadence, rated with a D or F in the Bitsight analysis, they are 7 times more likely to experience a ransomware attack compared to those with an A grade. By evaluating your vendors’ patching cadence and other critical risk vectors during the procurement and onboarding phase, vendor risk managers can better manage risk and select vendors that are less likely to introduce ransomware threats.

40 questions vendor risk ebook

With this ebook, we'll help you prioritize which vendors need the most attention with an in-depth security assessment – such as those with low security ratings, or critical vendors that maintain constant contact with your company’s systems. 

This is also a good time to utilize the risk thresholds and tiering strategy mentioned above. Vendor onboarding can quickly turn overwhelming when every business unit is looking for new technology that can improve processes and team collaboration. Sorting new vendors into predetermined tiers can set the proper level of risk assessment into action based on a vendor’s purpose, instead of evaluating each new vendor the same way. 

3) Continuously monitor your vendors

One of the most effective defense strategies against vendor ransomware risk is to continuously monitor your third party risk posture. Traditional vendor assessments happening yearly, or a few times a year for concerning or high-risk vendors. But this risk evaluation strategy leaves gaps between assessment periods where changes in vendor risk posture could be happening without your knowledge. Oftentimes it takes your third parties time to communicate risk changes out to their network, if they do at all.

Using continuous monitoring technology, vendor risk managers can see the daily performance of each third party, without needing communication from the vendor themselves. Bitsight Security Ratings update daily to provide a real-time view of your vendor cybersecurity performance, including any concerning changes or potential vulnerabilities. 

The longer ransomware goes undetected in your network, including your vendor networks, the more damage it can cause. Using continuous monitoring technology is a key defense step against the costly effects of ransomware, and can help alert both you and your third parties to trends and potential risk threats in their network.

Start defending against vendor ransomware risk

Bitsight Security Ratings are proven to correlate with an organization’s likelihood of suffering a ransomware attack. Companies with a rating between 300 and 500 are almost 8 times as likely to experience ransomware activity as a company with a rating of 750 or above. Evaluating your third parties using Bitsight Security Ratings can provide insight into an organization’s threat of a ransomware attack, and proactively protect your third party network.

To learn more about Security Ratings, and how Bitsight data can help you identify ransomware risk in your third party ecosystem download our eBook

Ransomware Trends eBook

Ransomware attacks have been rising at an alarming rate — with victims ranging from one of the largest fuel suppliers in the United States to Ireland’s Department of Health. Download our ebook to learn more about:

  • The latest tactics used by ransomware groups
  • Bitsight’s analysis of data on hundreds of ransomware events
  • Best practices to protect your organization