Cybersecurity: Raising awareness to prevent a third-party or supply chain attack

Third-party supply chain risks are a growing threat to corporate and client data. We explain how these risks can be minimized.

Feb 21, 2019 | Mark Giuliano

Cyberattacks can be carried out by penetrating a company’s systems through a less well-protected third-party vendor or contractor, and this method, also known as supply chain attack, is increasingly preferred by nefarious actors. 

Instead of hiring and training employees to perform functions such as accounting and human resources, companies are turning to highly specialized providers, and especially cloud companies, to perform these functions to save time and money. These third party vendors are often granted access to the hiring company’s systems and can be used as unwitting Trojan horses to breach data security firewalls.

This paper, written by Invesco’s Chief Administrative Officer Mark Giuliano, focuses on third-party risk, or the vulnerability that occurs when one company hires another company to provide a service. He recommends steps to minimize supply chain risk, and what to look out for when drafting vendor contracts.

Click on “Download PDF” to read more.