Partner Misuse

1. Relationships with external parties are established because an organization requires the services/products from the vendors. These vendors have access to critical devices and classified information. Similar to insider threats, partner misuse refers to vendors having the possibility of harboring malicious intent and wanting to use their privileged status to sabotage the organization. Related Term: The Human Element Click to know more about expert level training (Source: Business Continuity Management Institute - BCM Institute)

A Manager’s Guide to Business Continuity Management for Cybersecurity Incident Response

2. Doing business today requires trusted relationships with business partners and vendors. Partners can manage critical devices, store or aggregate sensitive data, and/or be provided with remote access into corporate networks. Just as employees may have malicious intentions, vendors and business partners may also leverage legitimate logical or physical access for unsanctioned access to data. Because of this, we consider partner misuse as a lethal data breach scenario.
Source: (Verizon, 2016)

3. Partner misuse involves semi-trusted entities who have some level of enterprise environment access and, either through purposeful maliciousness or inadvertent ineptitude, lead to a breach of that environment.
Source: (Verizon, 2017)