With one success, attackers were able to victimize many organizations from multiple industries and across several nations. This case highlights in particular why cyber-attacks on third-party vendors are so lucrative. The damage didn't end there for Accellion either; they are facing an increasing number of civil lawsuits in more than one state. Attackers exploited vulnerabilities within Accellion FTA and obtained PII and banking information from a multitude of victims like Kroger, the University of Colorado, the Reserve Bank of New Zealand, and even Washington State. These may be large files or those of a particularly sensitive nature, but Accellion FTA is in use by a wide range of organizations across numerous industries. Accellion FTA is widely used to move files within a network. While direct financial motivation is not always the underlying cause for a cyberattack, the hackers responsible for the Accellion breach in 2021 were in pursuit of financial gain, and they were extremely successful. It's impossible to evaluate and continuously monitor your vendors if you fail to identify who they are, even more so with a high-risk vendor like this. Recognizing who your third- through Nth-party vendors are and the specific risks that they present is the very first block needed to construct an effective risk management process.

Attackers secreted malware in a software update of Click Studios' Passwordstate app and collected the login credentials of IT and security personnel at nearly 30,000 organizations. These are some of the reasons that data breaches in the healthcare field increased upwards of 55% in 2020 alone.

Do you consider the creator of a password manager application in use by some or all of your employees to be a third-party vendor? You should, and even if your own employees aren't using the app, your third-party vendors' employees may be.
The healthcare industry in particular is in possession of PHI in addition to PII, and they need to be even more conscious of the security posture of their vendors with access to or storage responsibilities for that data. If nothing else, the Elekta breach should serve as a reminder that any industry is a potential target for cybercriminals. While they were able to detect the suspicious activity on their own system, this did not prevent the loss of treatment information, Social Security numbers, names, addresses, and other personally identifying information for these individuals. While rumors of non-financial motivations for the attack exist, it is prudent to remember that even if your organization does not lose complete access to critical systems, any data lost can be sold and resold through illicit marketplaces, providing a secondary income stream for cybercriminals.

As the cloud-based storage provider for the Cancer Centers of Southwest Oklahoma, Elekta was responsible for storing the protected health information of 8,000 cancer patients. When the hacker group Deus launched a ransomware attack against their systems, they demanded $1.5 million to restore access and prevent the release of the data they had obtained.

Notable Data Breaches

As a call center servicing company, Voicecenter was home to a wealth of information about thousands of companies that it worked with. There is no doubt that we will see data breaches occur on an increasingly frequent basis, and if you intend to keep your sensitive information secure, then it is important to understand the security risks that your company is facing.

Ransomware attacks can target critical systems, causing operations to grind to a halt, or your supply chain could be threatened by a key vendor's failure to secure their systems against known cyber risks.
The Russian invasion of Ukraine in March of 2022 has triggered a marked increase in cyber attacks on third parties above and beyond this already increasing trend. Cyber attacks continue to increase in frequency, and they have become the preferred medium for fraud in the current era. Furthermore, third-party breaches are estimated to cost more than double what a standard data breach would cost. They have also shown that over 50% of all organizations are not even attempting to evaluate the information security practices of these vendors before giving them access to confidential data or secure systems. Research conducted by the Ponemon Institute has revealed that more than half of all data breaches are the result of a third party.