The Utility sector is under constant attack from hackers looking to steal private information. In this week’s article posted by the Wall Street Journal, threats to critical infrastructure by Russian infiltrators have reached the control rooms of hundreds of U.S. utilities. Compromises to these networks are alarming when you consider the extensive damage that could be done to the U.S. power grid, including potentially lengthy blackouts.
So how did Russian hackers execute this campaign? According to the Department of Homeland Security, the infiltrators “first penetrated the networks of key vendors who had trusted relationships with the power companies.” They used common techniques to steal credentials from these third parties to gain access to the isolated utility networks that were thought to be secure.
In today’s connected world, it’s not uncommon for an organization to have relationships with hundreds or thousands of third party vendors, sharing private information across a seemingly secure network. According to a recent report by Bomgar, an average of 181 vendors access a company’s network every week; more than double the number from 2016. Creating a vendor eco-system allows companies to focus on core competencies and reduce costs, but it also introduces risk.
Hackers have figured out that many of these vendors are small companies who don’t have big budgets to allocate to proper cybersecurity measures. Also, many organizations are stretched thin trying to strengthen their own security posture, let alone worry about their vendors’ security controls. The Russians aren’t alone in taking advantage of this weakness.
Organizations need to place a stronger emphasis on what’s going on with their extended enterprise, including any vendor or partner who has access to private data. After all, an effective third-party risk management program is essential to your overall security posture.
Prevalent helps companies manage third party risk. It is the industry’s only unified platform that integrates a powerful combination of automated risk-tiered assessments, continuous monitoring, and evidence sharing for collaboration between companies and their vendors. Prevalent’s actionable intelligence provides the most comprehensive view of vendor risk, creating maximum efficiency for all Third Party Risk Management programs.
To learn more, read Prevalent’s latest Briefing Paper, Best Practices for Reducing Third Party Risk.
Sara Muckstadt is a Product Marketing Manager at Prevalent, Inc. She is responsible for corporate marketing and demand creation activities, with a continued focus on positioning Prevalent as the leader in Third Party Risk Management.
A Microsoft zero-day exploit enables attackers to gain full admin privileges. Use this questionnaire to assess...