CVS, Rite-Aid, Sam's Club, Walmart Canada and other large retail chains have suspended their online photo services following a suspected hack attack against a third-party service provider that may, in some cases, have resulted in the compromise of payment card data.
It is certainly negligent if a firm does not have an information security management program to manage their risk, but even worse if they have a program and do not regulate third party vendors. Third party vendors are the achilles heal to companies as attacks can root from a third party and innocently pass to your enterprise. It is paramount to implement a strategy into third party’s security programs and be prepared to walk away if the firm does not want to comply. This may sound tough and you may have developed a lasting relationship with the vendor, but the truth is, you must be willing to walk away to protect your business and data.
Lastly, this proves that multi-million dollar firms, although capital is a non-issue, do not have adequate security, In short, capital does not always mean the entity is secure.
For more information, please contact Knox!