
> ..outsourcing relationships with them..

One of my latest gigs was on Third-Party Security. For years and years companies (especially banks) were giving little to no attention to third-party security/privacy. I've happily seen that over the past 5 years most (mega-big) banks have taken it "all the way up to 11".

Hackers are smart people. Why hack company X with 50 people on their SOC and not hack a vendor that is lazy and clumsy? (And in some cases it's 5 guys with laptops behind a cheap never-hardened router in some random country.)



Third Party Risk is a big deal these days, especially with the rise in supply chain attacks.


Oh and then when they get breached they will send me a letter informing me and say it was their vendor's fault.

No, buddy. That's still on you.



