Post by Acsense
Even security companies are not immune to third-party breaches. HackerOne, a firm built around finding vulnerabilities, had 287 employees exposed through a benefits vendor they did not control.

That gap is the point:

- Attackers accessed Navia's systems for nearly two months before HackerOne was notified
- Compromised data included Social Security numbers, health plan details, and contact information
- Internal infrastructure was clean, but the blast radius still hit the team

Your security posture is only as strong as your weakest vendor connection. Third-party risk is not a procurement problem. It is an identity and access problem, and most organizations are not governing it like one.

Two months of undetected access. Think about what that window looks like inside your own supply chain.

Full story in the Five Nines Newsletter: https://lnkd.in/ej2CPVsG

How are you managing identity governance across your third-party vendors? Drop your approach in the comments.

#Acsense #IAM #Cybersecurity #identitysecurity #infosec