Vendor Risk Management

Breaking Down 3 Of The Latest Cybersecurity Breaches

Melissa Stevens | August 11, 2016

Even with every safeguard in place, it’s simply impossible to avoid all cybersecurity breaches. That being said, there are things you can do to lower the chance of a catastrophic one happening in your organization. By looking at a few recent attack vectors and what can be done to mitigate the risks these companies weren’t prepared for, you can help make sure your organization is prepared for a possible cybersecurity breach. 

1. Democratic National Convention (DNC) Breach 

In one of the most highly publicized securitybreaches of the year, attackers were able to breach the Democratic National Convention. It appears that the breach was targeting information regarding opposition research on Donald Trump, and it has been confirmed that the bad actors were able to view internal communications—including all emails—from the DNC. WikiLeaks exposed all of the archive material from this breach online, and the fallout resulted in the resignation of several high-level officials, including the chairwoman of the DNC.

In addition to this breach, two less-publicized breaches took place right around the same time:

Whether or not these three attacks are related has not been confirmed. Many have speculated that the hacks are attributed to Russia in a broad attack against the Democratic party. However, a hacker who goes by the handle Guccifer 2.0 claimed responsibility for the DNC breach and has denied any Russian connection. Neither of these stories have been confirmed by the DNC or authorities at this time.

There are a few critical takeaways to draw from this trio of breaches:

  • Cybersecurity has been brought to the forefront of the 2016 presidential election through these breaches. These events have brought cybersecurity onto the national stage in a big way—so we’re poised to see how the candidates bring it into their platforms.
  • Any organization handling personally identifiable information (PII) should keep its security standards as up-to-date as possible. The DNC deals with critical donor information—like payment card information—regularly. This, coupled with the fact that political organizations are targets for cybercrime, made the DNC a good target.

2. Kimpton Hotels Breach

On July 26, 2016, Brian Krebs wrote about the breach of the Kimpton Hotels chain. This was a point-of-sale (POS) malware breach that captured customer payment card information. As of now, we don’t know how many customers were affected. This is similar to attack vectors we’ve seen on other hotel breaches in the past year—both Hyatt and Hilton were breached in 2015.

There are several takeaways to draw from this POS breach:

  • Companies should ensure they’re using a trusted point-of-sale provider when dealing with sensitive customer payment card information. They should also make sure their vendors take advantage of new technologies like EMV card readers.
  • Companies need to monitor both their physical and vendor environment for POS breaches. The compromise of payment card information doesn’t always happen, say, at the front desk of a hotel—it may take place in an associated franchise cafe or hotel convenience store. This could be because those terminals are not as well protected—so you’ll want to pay careful attention to those areas to make sure nothing flies under the radar.

Make your vendor risk management process extremely efficient by using these tools and techniques.

3. Russian Government Breach

In early August 2016, the Russian government released information that 20 state agencies—as well as Russian defense contractors that handle sensitive military information—were found to be compromised by some kind of malware cyber intrusion. As of right now, we do not have a list of every agency that was compromised, nor any additional information.

In Conclusion

Employee vigilance is critical for all organizations to keep in mind. Employees should be trained not to click on email attachments and to keep an eye out for suspicious email communications—as phishing emails like this may have led to the DNC and Russian compromises. Additionally, it’s important to monitor your network outside of your immediate physical environment and be mindful that hackers are always looking for their best angle of attack.

security-managers-guide-to-VRM

Suggested Posts

Can Your Vendor Assessments Be More Efficient?

If you’re using a “one-size fits all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t end in the onboarding stage: using a...

READ MORE »

Do You Have The Right Vendor Management Policies?

If you’re experiencing frustrating delays and procedural roadblocks during your vendor management process, you’re not alone. Security managers are seeing an increase in the number of third-parties integrating with their business, and ...

READ MORE »

3 Ways To Make Your Vendor Lifecycle More Efficient

During this dynamic and stressful workplace environment 2020 has brought us, finding the most efficient ways to perform in your job has never been more important. When it comes to managing your vendor lifecycle, there are three ways you...

READ MORE »

Subscribe to get security news and updates in your inbox.