"There's a growing set of these business/consumer technologies that employees and small teams are using that make them unknown suppliers," Thompson explained. "If you're an attacker, you may want to go after one of these consumer services that might hold corporate data instead of going directly at a company."
Companies are becoming increasingly aware of supplier risk and taking measures to evaluate the security profile of their suppliers, according to Torsten George, a vice president with Agiliance.
"The practice has increased over the last 12 months," George noted. "We receive these vendor risk assessment surveys almost on a weekly basis. They range anywhere from 180 to 600 questions."
"The surveys provide these companies with a little bit of peace of mind," he observed. "But it doesn't guarantee a higher security level, especially if a vendor stretches the truth a bit."
Sign up for CIO Asia eNewsletters.