Module 4: 3rd Party Breach

INTRODUCTION – 3rd Party Breach

This module covers third-party breaches and uses real-world case studies to show how much damage they can do to organizations. Because organizations often depend on external partners and third-party vendors for various services, handing sensitive data to those third parties carries growing risk.

Studying third-party relationships helps participants understand how such relationships can introduce cybersecurity vulnerabilities, how breaches can be examined, and what their consequences are. The module works through such an examination, along with several other case studies, including the well-known Quest Diagnostics breach.

The module gives learners a thorough understanding of these topics so they can guard against the financial, operational, and reputational consequences of third-party breaches. Learners also study best practices proven effective in preventing third-party breaches, enabling them to take proactive measures that strengthen their organizations against a continuously evolving threat landscape.

Learning Objectives

  • Describe prevention methods for third-party breaches, based on analysis of firms that have been able to prevent them.
  • Discuss the implications of a third-party breach at Quest Diagnostics.
  • Identify the vulnerabilities exploited in the Quest Diagnostics third-party breach.
  • Summarize the timeline of the Quest Diagnostics third-party breach.
  • Describe the impact of third-party breaches on individuals and businesses.
  • Describe best practices for preventing third-party breaches.
  • Classify the types of third-party breaches.
  • Define third-party breach.

THIRD-PARTY BREACH KNOWLEDGE CHECK

1. A cyber attack originating from which three (3) of the following would be considered a supply-chain attack? (Select 3)

  • An environmental activist group
  • E-mail providers (CORRECT)
  • Subcontractors (CORRECT)
  • Web hosting companies (CORRECT)

2. Which three (3) of these were cited as the top 3 sources of third-party breach? (Select 3)

  • Cloud-based storage or hosting providers (CORRECT)
  • Online payment or credit card processing services (CORRECT)
  • JavaScript on websites used for web analytics (CORRECT)
  • Security vulnerabilities in operating systems

3. True or False. While data loss from a third-party breach can be expensive, third-party breaches account for less than 22% of all breaches.

  • True
  • False (CORRECT)

4. According to a 2019 Ponemon study, what percent of consumers say they will defect from a business if their personal information is compromised in a breach?

  • 10%
  • 51%
  • 80% (CORRECT)
  • 92%

THIRD-PARTY BREACH GRADED ASSESSMENT

1. True or False. According to a 2018 Ponemon study, organizations surveyed cited “A third-party misused or shared confidential information…” as their top cyber security concern for the coming year.

  • True (CORRECT)
  • False

2. How effective were the processes for vetting third-parties as reported by the majority (64%) of the companies surveyed?

  • Highly effective
  • Effective
  • Somewhat or not effective (CORRECT)
  • Not effective at all

3. In the first few months of 2020, data breaches were reported from Instagram, Carson City, Amazon, GE, T-Mobile, radio.com, MSU, and Marriott. While different data were stolen from each organization, which two data elements were stolen from all of them? (Select 2)

  • Corporate financial data
  • Personal information (CORRECT)
  • Customer financial information (CORRECT)
  • Confidential corporate strategy data

4. True or False. More than 63% of data breaches can be linked to a third-party.

  • True (CORRECT)
  • False

5. According to a 2019 Ponemon study, which is the most common course of action for a consumer who has lost personal data in a breach?

  • Tell others of their experience (CORRECT)
  • Use social media to complain about their experience
  • Comment directly on the company’s website
  • File a complaint with the FTC or other regulatory body

CONCLUSION – 3rd Party Breach

Examining third-party data breaches and their aftermath through case studies reveals important aspects of cybersecurity's complexity. Through a real-world case study, participants gain in-depth knowledge of the risks that can arise from third-party relationships and of the impact those risks can have on an organization's security and operations.

With this knowledge, individuals can contribute to effective risk management, stronger strategic partnerships, and improved defenses against external cyber threats. By staying vigilant and proactive, organizations can meet the challenges of third-party engagement, protect their assets, and maintain stakeholder trust in a rapidly interrelated digital world.
