Organizations that fail to prepare for vendor attacks put themselves at risk of a multiparty security breach – where a single compromise can infiltrate up to 800 companies, according to a new analysis from data science firm Cyentia Institute.
The report, which focused on the 50 most common multi-party security breaches, found that the average large breach affected 31 organizations and cost $90 million, compared to a loss of $200,000 in a typical cybersecurity incident. While system intrusions were the category of incidents with the largest number of companies affected (57%), ransomware and wiper incidents caused the largest losses and accounted for 44% of all recorded losses, according to Cyentia.
In addition, attacks that used valid accounts and attacks carried out by nation-state actors also caused much higher damage per incident, the company said.
The data analysis suggests that companies should put more effort into ensuring their suppliers and contractors do not become an avenue of access into their networks, says John Sturgis, data scientist at Cyentia.
“Even if you’ve never thought of being attacked directly by a nation-state actor, there is real credibility to thinking through the lens of what vendors I have that could be attacked and how I manage my exposure even within my third parties. Can you try and get it into a manageable problem?” he says.
The analysis, part of Cyentia’s “Information Risk Insights (IRIS)” study, uses data from insurance data provider Advisen, whose cyber loss database consists of nearly 100,000 cyber incidents. Cyentia combined the 30 largest multi-party events measured on each of three different criteria: total costs incurred, number of people affected, and number of organizations affected. The top 50 were then selected based on the combined totals and the amount of data available.
The lesson from the largest of the multiparty breaches is that corporate cybersecurity and risk mitigation efforts need to focus not only on attackers targeting the company directly but also on attacks against third parties, which affect those vendors’ customers downstream. Because of this, companies need to do more than superficially check the security of their suppliers, says Wade Baker, co-founder of Cyentia.
“There is a finite amount that any single organization can do to a well-resourced and determined party like a nation-state or some cybercriminal gangs,” he says. “However, I think it would be helpful to think of risk management in terms of more supply chain or third-party-centric thinking. And by that I don’t mean filling out a questionnaire.”
Kaseya Breach Tops List
The analysis showed that the top attack was the breach of the Kaseya Virtual System Administrator (VSA) server used by many managed service providers, affecting at least 800 downstream organizations as of July. The second biggest attack was the breach of the Global Payments credit card processor in 2012, which affected 678 organizations, the report said.
Meanwhile, among the most expensive breaches is the 2017 NotPetya wiper attack, caused by a breach of the Ukrainian software company Intellect Service, which makes accounting software that attackers implanted with malware to infect other companies. Second is Facebook’s $5 billion fine, collected by the US Federal Trade Commission in 2019 for the platform’s privacy and security flaws that allowed apps to collect user information from the platform and invade users’ privacy.
According to the analysis, information and professional companies are most often the initial vector in a multiparty breach.
External attackers were behind almost all (97%) of the organizations affected by the top 50 attacks and accounted for 69% of the total losses. While cybercriminals were responsible for 80% of the organizations affected, the relatively small number of attacks by nation-state actors caused 58% of the total losses, according to Cyentia’s analysis.
However, insiders also played an outsized role in the damage, not as attackers but as conduits. Insiders and third parties caused or indirectly contributed to 34 of the top 50 security incidents, accounting for 99% of all damage recorded, the report said.
“Bottom line: do not assume that your employees and third parties will harm you – that does not create a healthy or safe business relationship,” says the Cyentia report. “But you shouldn’t assume that everything will be fine if everyone shakes hands and sings kumbaya.”