Okta third-party breach & the potential repercussions

The recently reported breach involving a third-party vendor at Okta once again underscores the critical importance of organisations diligently monitoring their digital supply chain, which is made up of the vendors, suppliers, and other third parties that have network access.

Okta, which has previously faced scrutiny over other reported breaches, stated that only employee and not customer data was compromised in this incident. However, the repercussions can extend beyond this initial breach. The exposed employee information can make them susceptible to targeted phishing and impersonation scams, potentially leading to data or monetary theft. Even worse, these scams might be leveraged to obtain the employees’ credentials, enabling further damage to the company.

It is imperative for organisations to comprehensively identify all third-party entities they depend on for their operations, not just those pertaining to customer data. Subsequently, they should assess which of these entities have access to sensitive data and whether such access is warranted. Continuous monitoring of third-party vendors for vulnerabilities and a proactive approach to remediation should be integral parts of an organisation’s cybersecurity strategy.