Attackers like to target the underlying partners of the business that they are attempting to breach, said Dell SecureWorks' Houle. Once a partner is breached, the attacker can create a more effective spearphishing campaign against executives at the company in their sights, Houle said.
It is difficult to uncover the full extent of an organization's security processes, technical controls and culture. Potential partners should be open to answering questions and show proof that their network and processes have been assessed and properly validated by an outside firm. The IT security and the company's legal team should be involved to review service level agreements prior to signing contracts, experts say.