On June 23, 2021, threat actors reported that they had stolen a terabyte of data from Saudi Aramco, a state-owned oil company in Saudi Arabia.

The threat actors released samples of data they had procured after redacting critical information. They also claimed to have detailed information on Aramco’s employees, such as their full names, photographs, passport scans, emails, phone numbers, residence permit (Iqama card) numbers, job titles, employee ID numbers, and family information.

This breach was peculiar due to the attack techniques employed by the adversaries. Firstly, there was no interruption in the operations of the victim organization. Further, the attacker promised to share the data with anyone who was willing to pay a stipulated amount.

A month after the data samples were posted online, Saudi Aramco acknowledged that the data had been accessed through a third-party contractor and not through its own systems. According to the BBC, the threat actors demanded $50 million from Aramco to recover the stolen data, with the promise that they would wipe it completely and not sell it to other parties.

Third-party monitoring has become critical

According to Securelink, 51% of companies have suffered a data breach caused by vulnerabilities in the infrastructure of the third parties they deal with. This calls for monitoring all events involving the parties related to an organization.

Several past incidents have emphasized the importance of third-party security:

However, monitoring third-party activities is not as easy as it sounds. Identifying such attacks is difficult since organizations have poor visibility into the environments of third-party vendors—and because those vendors don’t always take responsibility for securing data.

Though authorities have created compliance standards to make third parties responsible for data security and have also helped organizations create a framework to monitor third-party platforms for security loopholes, organizations often find it difficult to track down incidents involving third parties.

Time to consider related-party interactions as a key security metric

The Aramco incident is a reminder to fix the blatant security gaps in connected vendor systems. Data breaches leveraging the misconfigurations and security loopholes in third-party vendors’ environments do occur.

It’s high time third-party incidents were brought under the purview of network security. For enterprises to achieve this goal, it’s important that they include related-party interactions, or RPIs, in their security operations metrics.

RPIs are all events involving third parties such as vendors, re-sellers, or government authorities. RPI monitoring enables organizations to identify threats from third-party sources and mitigate them as soon as possible.

At present, though organizations include several key performance metrics such as mean time to recovery, mean time to acknowledge, and mean time to detect, third-party activities are seldom considered important.

RPI monitoring will provide better visibility into third-party activities, giving security teams an overview of all the critical activities associated with their organization.

RPI monitoring is the missing puzzle piece in network security

Cloud adoption has extended the network perimeter of organizations. With several entities interacting with an organization’s network, keeping tabs on just internal or external entities will not secure the network completely since there are other external third parties that have access to internal resources. RPIs can impact network security, so they need to be monitored. Security teams must create plans to defend against unprecedented threats from the third parties associated with their business.

Interested in learning more about monitoring security threats from RPIs? Check out our guide on how to monitor security threats from RPIs.

Raghav Iyer
Product Marketing Specialist