ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks

Tech companies that issue remote patches and remote updates to customers are big targets for attackers because of their broad trusted relationships with customers, says Jake Olcott, vice president at Bitsight. "As a risk management best practice, organizations must identify their most high-risk vendors, include security performance requirements in contracts with those suppliers, and monitor the cyber posture of those suppliers on an ongoing basis," he says. The challenge is that such an assessment and monitoring process can be extremely time-consuming, he says. But simply turning a blind eye to this risk altogether can have detrimental consequences, he notes.