Ticketmaster Breach Highlights Retailers' Dependence on Multitude of Service Providers

Early last month, it was disclosed that Ticketmaster suffered a data breach through a third-party service provider as part of a payment card hacking campaign; Ticketmaster was just one of hundreds of victims. The threat actor, Magecart, compromised over 800 e-commerce sites by secretly installing digital card-skimming software on third-party components and services used by these retailers.

This breach highlights the growing number of third-party service providers that retail and e-commerce companies rely on. This is not unique to the retail industry, as most industries rely on similar third parties across their supply chains. Some of these organizations have up to tens of thousands of third parties, each with a specific business function.

Retailers face a unique challenge by relying on so many third parties (this includes e-commerce businesses and others), where even one compromised line of code within a third party can affect a very large number of retailers. As the old saying goes, it only takes one. The network of interdependence is clearly evidenced here by the third-party platforms and service providers through which other retailers, in addition to Ticketmaster, were compromised. These service providers include Inbenta, SocialPlus, PushAssist, CMS Clarity Connect, and Annex Cloud.

Bitsight researchers looked at the number of service providers that retail companies rely on. Our data shows that for retailers with 5,000 or more employees, the median number of service providers is 52. As one might assume, the larger the retailer, the more service providers it relies on and the larger its attack surface grows.


As retailers continue to rely on an increasing number of service providers, their risk of data breach through those third parties increases as well. Bitsight Security Ratings continuously monitor and quantify the cyber risk of third parties, enabling organizations to efficiently scale their vendor risk management programs. With the rise of e-commerce, it's critical that retail organizations continuously monitor all of the third parties in their supply chain. Learn how Bitsight helps retail companies manage cyber risk and continuously monitor the security posture of their third-party vendors.