Ripple20 vulnerabilities could affect enterprise security standards amid the widespread surge in cybercrime during COVID-19.
The pandemic has exposed new patterns of third-party security risk for businesses. Many enterprises use third-party service providers to manage essential operations and sensitive information.
However, in light of the economic crisis, several third-party service providers have been forced to sell off divisions of the company, furlough employees, or shut down operations. As a result, their ability to maintain data security and business processes has been compromised to a large extent. This has exposed them to various vulnerabilities. Among them, Ripple20 is one of the biggest risks.
The Ripple20 Risk
Ripple20 is a new set of vulnerabilities found in a software library that implements a TCP/IP stack. Researchers from the JSOF research lab discovered these security concerns in 2020. This comprehensive set of vulnerabilities is anticipated to further expose companies and their third-party service partners. It has already been found in the products of many manufacturers, and it could profoundly impact supply chain operations that depend on connected devices to support crucial functions.
Thus, businesses need to be prepared for and aware of the vast security risks posed by third parties. Big enterprises are taking the necessary steps to gain visibility into the problem and address it quickly.
Identifying the Tricky and At-Risk Vendors
Shortlisting the third-party providers that have a significant impact on the business and could be most at risk is a vital approach. Validating them before other partners can help protect companies from the danger.
For instance, if a third party was going through financial challenges before the pandemic crisis and had access to critical assets or sensitive data, it should be considered at high risk. Similarly, the identified list of vendors can help mitigate business threats going forward.
Implementing Secure Access Broker Tech
Transparent, secure, and enforceable remote access for third-party vendors is necessary for combating Ripple20 risks. Experts say enterprises need to consider a secure access broker technology over a virtual private network (VPN). Many such vendors connect to enterprise networks via dedicated VPN connections or even user-specific VPN connections. These are highly flat networks.
Clearly, this is the time to focus resources on developing short- and long-term strategies to mitigate the third-party threat. As with most enterprise risks, the cost, effort, and impact of managing them will typically be small compared with responding to an attack that came through third-party privileged devices. By applying tactical and strategic efforts while managing these vulnerabilities, enterprises can significantly ease any third-party risk.