Recently, our team has discovered that critical vulnerabilities are being detected within third-party vendor systems at an alarming rate. We advise our partners to carefully review their vulnerability scan reports each month to determine whether a third-party vendor is creating additional risk. If so, please contact the vendor immediately and notify them of the detected vulnerability so that they can begin remediation as soon as possible. Once the vendor has updated the affected systems, the following month’s vulnerability scans can confirm whether the patch has been successfully implemented.
Occasionally, third-party vendors will refuse to patch a system with critical vulnerabilities. When this occurs, we advise our clients to research alternative providers. If a vendor demonstrates a lack of interest or care in responding to potential vulnerabilities, they are not taking the security of your organization seriously. You’re paying for a service, and you should be provided with support that doesn’t endanger your network security.