Industry Insights with Isa Jones

3rd Party Risk Management , Leadership & Executive Communication , Training & Security Leadership

Why Third Parties are the Source of So Many Hacks

The State of Third-Party Security Needs to be Addressed
Why Third Parties are the Source of So Many Hacks

Most organizations see third-party security as a threat, but not a priority. This misconception leads to inadequate security protocols, misaligned budgets and resources, vulnerabilities in network/systems/supply chain management, and weaker attack surfaces—which is why there’s a crisis in the state of third-party security that desperately needs to be addressed. We can look to two recent examples of data breaches to see why heightened access management of critical resources is crucial to protecting your organization from a breach.

See Also: Ransomware Demystified: What Security Analysts Need to Know

Kaseya

What Happened?

Kaseya, which is a technology software provider for IT outsourcing companies or managed service providers (MSPs), was hacked by Russia-linked cybercriminal group REvil. This is one of the largest ransomware attacks to date, and hackers demanded $70 million in cryptocurrency.

The Cause

Ask yourself, “If this asset is compromised or stolen, is it a big deal? Are people able to still do their jobs if something happens to it?” 

Vulnerabilities were found in Kaseya’s authentication methods. As a result, REvil was able to insert malicious code into Kaseya’s vendor security alliance (VSA) software.

The Effect

Kaseya, acting here as the third party, sent infected software updates to several dozen of their customers. The attack not only endangered the Kaseya organization, but put the managed service providers (MSPs) in their supply chain in jeopardy.

Accellion

Accellion, an organization that provides businesses with file sharing technology, experienced a ransomware attack that hit its file transfer application (TFA).

The Cause

Accellion is a third-party file sharing vendor for hundreds of organizations. Its TFA was targeted and attacked by hackers who threatened to exploit sensitive and private data in order to receive a ransom payment.

The Effect

Several Accellion customers faced the ransom threat, including notable organizations like Morgan Stanley, Kroger, Jones Day, Trinity Health, and Flagstar Bank. The hackers stole data that included customer addresses and social security numbers. And months after the incident, several organizations are still recovering from the attack.

How Critical Access Management Can Help

In both of these examples, it’s not just a matter of businesses placing their trust in the wrong third party; it’s a matter of poor access management. Kaseya and Accellion are both reputable organizations, but reputation will only get you so far. Reputation doesn’t build a secure framework that will protect your business’ critical assets. Only critical access management can do that.

Critical access management is the art of securing access points and assets that are critical to a company’s success. High risk access points and assets, such as the sensitive information threatened or stolen in both of these examples, need security measures that include the goverance, control and monitoring of all access, such as:

  • Implementing access policies that keep third-party access restricted
  • Using Zero Trust Network Access so any third party breach is contained and doesn’t infect the other systems in a business’ infrastructure
  • Establishing monitoring procedures so when third parties are attacked, you can reactively investigate the situation to determine how much damage was done and trace back to the source of the attack

Protecting your critical access points and assets should be the number one priority in your cybersecurity strategy. Ask yourself, “If this asset is compromised or stolen, is it a big deal? Are people able to still do their jobs if something happens to it?” For the customers of Kaseya and Accellion, stolen private information is indeed a big deal, and several companies had to halt operations because of the third-party attacks. So maybe it’s time to ask yourself those questions and re-evaluate the way your business handles third parties before it’s too late.



About the Author

Isa Jones

Isa Jones

Content Writer, Securelink

Isa Jones is the content writer for SecureLink. Based in Austin, Jones has a decade of writing and content strategy experience, including a background in journalism.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.