For years, policymakers have been concerned about a catastrophic cyberattack that could disrupt the electric grid, causing widespread power outages and impacting national security, the economy and public safety. As electric utilities and the government grapple with the myriad of cybersecurity challenges affecting critical electric infrastructure, a new challenge has emerged: cyber risk to the thousands of different businesses, vendors and suppliers that make up the electric sector supply chain.Corporations and government agencies alike are increasingly focused on cyber risk to the supply chain because data breaches affecting critical vendors, contractors and other business associates can cause direct harm to the first-party organization. These third-party incidents represent a growing attack trend. There is perhaps no more famous incident than the 2013 breach affecting the retailer Target. In that incident, attackers penetrated the network of Target’s HVAC (heating, ventilating and air conditioning) contractor, which had a direct connection into Target’s network in order to observe refrigeration units in each of the stores. Gaining access to the HVAC contractor, the attackers rode directly into the Target network and stole millions of credit card numbers. The result was not only a material financial loss for Target, but also the ousting of Target’s CEO, chief information officer and the near-dismissal of several key board members.
Target is just one of a number of retailers that have experienced third party breaches. Lowe’s, Goodwill and other retailers have also been victimized through their third parties. And it’s not just retailers. The recent U.S. Office of Personnel Management data breach that compromised the data of millions of federal employees provides another example of how storing data on a third-party server can have catastrophic consequences. For the full article click here
from cyber security caucus http://ift.tt/21ZLKdc
via IFTTT
No comments:
Post a Comment