
The importance of keeping your internet clean



By Tom Egglestone, Global Head of Claims at Resilience

In today’s highly digital and connected world, third-party breaches have become an increasingly common occurrence. These breaches occur when hackers access sensitive data through a vendor or supplier rather than directly targeting the primary organisation. As companies become more reliant on third-party vendors for key aspects of their operations, the risk of third-party breaches continues to increase.

One significant example of a vendor breach occurred in December 2022, when Uber’s sensitive employee and customer data was exposed. Uber’s asset management and tracking service provider Teqtivity was the victim of a cyber-attack, and sensitive employee and customer data was exposed on the BreachForums hacking forum, the latest in a string of security incidents Uber has had to face in the last few years.

It is not just commercial organisations that are at risk here. In August 2022, the National Health Service in the UK was hit by a third-party ransomware attack through its software provider, Advanced, compromising client data and leaving the NHS without access to key software systems for two months.[1] These and other incidents have proven that it is critical for organisations to maintain strong value-chain cyber hygiene practices and cyber resilience strategies to mitigate these risks.

Implementing value-chain cyber hygiene practices

With organisations increasingly relying on technology, the use of third-party vendors has become very common, especially with the growing popularity of cloud computing and software-as-a-service (SaaS) solutions. These vendors provide a range of services, such as data storage, IT infrastructure, and application development. However, as more organisations outsource critical functions to third parties, the risk of data breaches occurring through one of these vendors increases tremendously.

To prevent third-party breaches, it is essential to establish value-chain cyber hygiene practices. 

This process involves identifying and assessing the risks associated with each third-party vendor the primary organisation uses and verifying that their security measures are adequate. Establishing vendor management protocols that include proper due diligence, ongoing monitoring, and incident response planning is vital.

Implementing value-chain cyber hygiene practices starts with identifying the risks and potential vulnerabilities associated with each third-party vendor. Organisations must take the time to evaluate the security protocols in place at each vendor they utilise and verify that these protocols meet their required standards. This process includes conducting a thorough review of the vendor’s security controls, policies, and procedures to ensure that they are aligned with the primary organisation’s security requirements. 

Organisations should implement ongoing monitoring practices to ensure that vendors maintain their security posture continuously. The monitoring process includes assessments and audits to identify any potential security risks and vulnerabilities that may arise throughout the vendor engagement. Additionally, organisations should implement a tailored vendor risk management program that includes regular security training, policy updates, and incident response planning.

SolarWinds as a case study

In September 2019, SolarWinds, a Texas-based technology company, experienced a data breach. Foreign hackers gained access to its digital infrastructure and used this position to gain access to a wide range of organisations’ sensitive data. Through malware-ridden software updates that nearly 18,000 SolarWinds customers downloaded, the data of thousands of customers was exposed. Customers included Microsoft, Intel, Cisco, as well as the Pentagon and the US Departments of Homeland Security, Justice, State, Commerce, and Treasury. As a result of this breach, millions of dollars were lost, leading to what has been determined to be one of the largest and most sophisticated cyber attacks in US history.


This event demonstrated the disastrous effects of a large supply-chain breach. Unlike most incidents, supply-chain attacks can implicate dozens of organisations and yield a massive global impact. As a result of the breach, SolarWinds and its clients have paid over $90M so far in investigation and recovery expenses. The reputational damage caused to SolarWinds, which was previously a trusted and respected organisation, is irreparable. Clients of SolarWinds have filed a class-action lawsuit against the organisation, and as time goes on, more lawsuits could be filed against SolarWinds or its affected clients.

This incident demonstrated on a massive, global scale the importance of supply chain risk management. All organisations, no matter the size or the data they store, must prioritise cyber security in order to prevent a similar incident. It also showed risk, security, and financial leaders that their security is only as strong as their weakest link. Organisations must engage in value-chain cyber hygiene practices in order to strengthen their digital infrastructure against incidents and become cyber resilient. 

Creating a cyber resilience strategy

In today’s digital world, cyber-attacks are becoming increasingly sophisticated, and the consequences of a breach can be devastating. Therefore, it’s crucial to have a cyber resilience strategy in place to protect your organisation from cyber threats.

A strong cyber resilience strategy drives continuous improvement and economic efficiency by integrating Risk Acceptance, Risk Mitigation, and Risk Transfer across Cybersecurity, Risk Management, and Finance, so that an organisation can take a digital hit without impacting its material ability to deliver value.

A comprehensive solution is needed to offset cyber risk, yet most organisations have been slow to transition, leaving them vulnerable. Quantified action plans, which generate a personalised cyber mitigation plan, and top-down advocacy to ensure there is stakeholder buy-in at all levels, are both essential in any transition to true risk mitigation. Similarly, a patchwork approach of siloed cyber resilience will do little to stem the tide of potential attacks, which is why any solution must be holistic, with accurate risk assessments of an organisation’s data, optimally by using AI models.

This level of protection is imperative in an era of rising ransomware attacks and can only be implemented by specialist teams of cyber veterans across security and risk, but also underwriting and claims, to both validate an organisation’s plans and provide support. For example, Resilience, the next-generation cyber risk company on a mission to make organisations cyber resilient, offers all the above, at a time when companies need to find a new way to structure and manage cyber risk.

Third-party breaches pose a significant risk to organisations across the private and public sectors. As the use of third-party vendors continues to grow, it is critical to ensure that these vendors are held to the same cybersecurity standards as the primary organisation. By implementing robust value-chain cyber hygiene practices as well as cyber resilience strategies, organisations can mitigate the risks associated with third-party breaches and protect sensitive data from falling into the wrong hands. In today’s ever-changing threat landscape and in the face of cyber warfare, it is essential to be proactive and take the necessary steps to secure the entire value chain.

 

[1] https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/

 
