
CheckRed Editorial

Security Breaches
20 May 2024

Three major breaches that emphasize the need to manage third-party risk in the cloud

Today, organizations rely heavily on third-party vendors and service providers to streamline operations and enhance efficiency. While these partnerships offer numerous benefits, they also introduce significant cybersecurity risks. Managing third-party risk involves assessing and mitigating the potential security threats posed by external entities that have access to an organization’s systems, data, or networks. Neglecting to adequately manage third-party risk can leave organizations vulnerable to data breaches, financial losses, and reputational damage.


Three recent data breaches show how crucial it is to manage third-party risk well. They are harsh reminders of the dangers that come with depending on third parties. Let’s examine each of them in more detail.

Bank of America – Data leak

The 2023 breach at Bank of America, one of the largest financial institutions globally, impacted both the bank and its customers. Sensitive data belonging to at least 57,028 customers was compromised. This breach exposed a range of personal information, including names, Social Security numbers, addresses, dates of birth, and other account details associated with Bank of America’s deferred-compensation plans. The breach raised concerns about the security practices of third-party vendors within the financial industry.

Causes of the breach

The breach occurred primarily due to vulnerabilities in the systems of Infosys McCamish Systems (IMS), a third-party technology partner responsible for providing services related to Bank of America’s deferred-compensation plans. Despite operating separately from Bank of America’s core network, IMS systems were targeted by malicious actors who gained unauthorized access.

Mitigation strategies

To mitigate the risk of similar breaches in the future, organizations must enhance their vendor management and due diligence processes. This involves conducting thorough assessments of third-party vendors’ cybersecurity practices, including their risk management protocols, security controls, and incident response capabilities.

Another crucial mitigation strategy involves implementing a software bill of materials (SBOM) for third-party vendors. An SBOM provides organizations with detailed insights into the software components and dependencies used by their vendors, enabling better visibility and understanding of potential security risks.
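The following added example (not CheckRed's code or any vendor's tooling) shows what that visibility can look like in practice: it reads a vendor-supplied SBOM in CycloneDX JSON form, flags components that lack a version or hash, and traces the dependency path to any component on an internal watch list. The sample SBOM, component names, digests and watch list are constructed for illustration.

```python
import json

# Constructed sample: a minimal CycloneDX-style SBOM a vendor might supply.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "app", "name": "vendor-portal", "version": "4.2.0"}},
  "components": [
    {"bom-ref": "web", "name": "webframework", "version": "2.1.0",
     "hashes": [{"alg": "SHA-256", "content": "placeholder-digest"}]},
    {"bom-ref": "xml", "name": "xmlparser", "version": "1.0.3",
     "hashes": [{"alg": "SHA-256", "content": "placeholder-digest"}]},
    {"bom-ref": "log", "name": "logshim", "version": ""}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["web", "log"]},
    {"ref": "web", "dependsOn": ["xml"]}
  ]
}
""")

# Hypothetical internal watch list of (name, version) pairs under advisory.
WATCH_LIST = {("xmlparser", "1.0.3")}

def review_sbom(sbom, watch_list):
    """Return (kind, component name, dependency path) findings for one SBOM."""
    comps = {c["bom-ref"]: c for c in sbom.get("components", [])}
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    # Depth-first walk from the product root, recording the path to each component.
    paths, stack = {}, [(root, [root])]
    while stack:
        ref, path = stack.pop()
        for child in edges.get(ref, []):
            if child not in paths:  # first path found; also guards against cycles
                paths[child] = path + [child]
                stack.append((child, paths[child]))
    findings = []
    for ref, c in comps.items():
        if not c.get("version") or not c.get("hashes"):
            findings.append(("unverifiable", c["name"], None))
        if (c["name"], c.get("version")) in watch_list:
            findings.append(("watch-list", c["name"], paths.get(ref)))
        if ref not in paths:  # listed, but the vendor declared no dependency path to it
            findings.append(("undeclared-path", c["name"], None))
    return findings

if __name__ == "__main__":
    print(review_sbom(SAMPLE_SBOM, WATCH_LIST))
```

The dependency path matters during triage: it shows that the flagged parser arrives transitively through the web framework, so the fix has to come from the vendor's upstream dependency rather than from the product's own direct dependencies.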

UK Military – Third-party breach

The breach affecting the UK military had significant implications for current, former, and reserve members of the British Army, Naval Service, and Royal Air Force. Personal information of over 225,000 military personnel, including names, bank account details, and other sensitive data, was compromised.

Causes of the breach

The breach was primarily attributed to vulnerabilities introduced by third-party contractors responsible for handling payroll services for the UK Ministry of Defence (MoD). Shared Services Connected Ltd, the external contractor involved, failed to adequately protect the payroll system, allowing threat actors to gain unauthorized access.

Mitigation strategies

It is important to enforce mandatory minimum cybersecurity standards for third-party contractors working with sensitive government agencies like the UK Ministry of Defence. This involves establishing clear guidelines and requirements for contractors to adhere to, including robust security protocols, regular security assessments, and compliance with industry standards and regulations. By enforcing stringent cybersecurity standards, organizations can ensure that third-party contractors prioritize security and implement measures to safeguard sensitive data and systems effectively. Additionally, regular audits and oversight mechanisms can help verify compliance and address any potential security gaps before they are exploited by malicious actors.

American Express – Data exposure

The breach at American Express exposed the credit card information of its customers due to a security incident involving a third-party service provider. This breach compromised sensitive credit card details, including account numbers, names, and expiration dates.

Causes of the breach

While American Express’s own systems remained uncompromised, the breach occurred through a vulnerability introduced by a third-party service provider. This highlights the challenge of managing security across complex supply chains and the need for organizations to vigilantly monitor and address potential risks posed by external partners.

Mitigation strategies

Organizations must prioritize strengthening access controls and implementing robust monitoring mechanisms for third-party service providers. This involves implementing stringent authentication protocols, such as multi-factor authentication, to ensure that only authorized individuals can access sensitive data and systems. Additionally, organizations should implement continuous monitoring tools that will help them detect and respond to potential security incidents in real time.
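As an added illustration (not CheckRed's product logic), the checks described above can be expressed as a small detector over access events for third-party accounts: it flags sessions without MFA, logins from outside the networks agreed with the vendor, and access to resources outside the vendor's scope. The policy, vendor names, accounts, addresses and events are all constructed assumptions.

```python
import ipaddress

# Hypothetical per-vendor access policy: agreed source networks and resource scope.
POLICY = {
    "payroll-vendor": {"networks": ["203.0.113.0/24"], "scope": ("hr/payroll/",)},
}

# Constructed sample access events for third-party accounts.
EVENTS = [
    {"account": "svc-payroll", "vendor": "payroll-vendor", "mfa": True,
     "src": "203.0.113.10", "resource": "hr/payroll/run-2024-05"},
    {"account": "svc-payroll", "vendor": "payroll-vendor", "mfa": False,
     "src": "203.0.113.10", "resource": "hr/payroll/run-2024-05"},
    {"account": "svc-payroll", "vendor": "payroll-vendor", "mfa": True,
     "src": "198.51.100.7", "resource": "finance/ledger/q1"},
    {"account": "ext-unknown", "vendor": "unlisted-vendor", "mfa": True,
     "src": "192.0.2.5", "resource": "hr/payroll/run-2024-05"},
]

def check_event(event, policy):
    """Return the list of policy violations for one third-party access event."""
    rules = policy.get(event["vendor"])
    if rules is None:
        return ["vendor-not-onboarded"]  # no agreed policy: treat as a violation
    reasons = []
    if not event.get("mfa"):
        reasons.append("no-mfa")
    src = ipaddress.ip_address(event["src"])
    if not any(src in ipaddress.ip_network(n) for n in rules["networks"]):
        reasons.append("unexpected-source")
    if not event["resource"].startswith(rules["scope"]):
        reasons.append("out-of-scope-resource")
    return reasons

def alerts(events, policy):
    """Pair each violating event's index with its violations."""
    return [(i, r) for i, e in enumerate(events) if (r := check_event(e, policy))]

if __name__ == "__main__":
    for index, reasons in alerts(EVENTS, POLICY):
        print(EVENTS[index]["account"], EVENTS[index]["src"], reasons)
```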

Importance of implementing a complete cloud strategy

CheckRed offers a complete cloud security solution designed to address the diverse security needs of modern organizations. It encompasses two key components: the Cloud Native Application Protection Platform (CNAPP) and SaaS Security Posture Management (SSPM).

CNAPP is a cutting-edge platform that combines Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM), and Cloud Workload Protection Platform (CWPP) capabilities. It provides organizations with a centralized dashboard to monitor, manage, and secure their cloud environments effectively. With CNAPP, organizations can proactively identify and remediate security risks, enforce compliance policies, and protect against advanced threats across their entire cloud infrastructure.

SSPM, on the other hand, focuses on securing Software as a Service (SaaS) applications and environments. It enables organizations to assess and manage the security posture of their SaaS applications, detect unauthorized access, and enforce data protection policies. SSPM empowers organizations to gain visibility into their SaaS usage, identify potential risks, and ensure compliance with regulatory requirements.

CheckRed takes a holistic approach to addressing third-party risk by integrating CNAPP and SSPM into its comprehensive cloud security solution.

  • CNAPP enables organizations to assess the security posture of their cloud infrastructure and identify vulnerabilities introduced by third-party dependencies. It provides visibility into the security configuration of third-party services and helps organizations enforce security best practices and compliance standards across their entire ecosystem.
  • SSPM complements CNAPP by focusing on securing SaaS applications and environments, where third-party dependencies are prevalent. It enables organizations to monitor user activity, enforce access controls, and protect sensitive data within SaaS applications.

By leveraging both platforms, organizations can easily and effectively manage and mitigate the security risks posed by third-party vendors and service providers.
