
Third Party Service Providers

DATA BREACHES & RANSOMWARE


• Sacramento Bee Data Breach 2018
• Risk of Third Party Service Providers
• Ransomware
• In January 2018, The Sacramento Bee newspaper had two databases on a third-party computer server that were infected with ransomware, exposing voter registration data and contact information of subscribers

• The information was compromised last month after the third-party vendor performed routine maintenance and the firewall did not come back online. With the firewall down, the database was exposed to the public internet for about two weeks (Sacbee, 2018)

• ‘The Bee’ did not pay the ransom and deleted the databases

Risks of Third Party Service Providers
• Granting access to an outside party lowers your security level to that of the provider or vice versa

• Damage to business/personal reputation

• No control over how third-party service providers (TPSPs) operate

• Software they use could be vulnerable

• Complete access – Why bother with a firewall?


Solutions
• Conduct a full assessment – Tour the facility, confirm it meets security standards and has security policies set

• Low access to systems – Separated by internal network and firewalls

• Restrict access to specific time periods

• Enforce multifactor authentication – Unique credentials

• Prepare with incident response and disaster recovery plan – Test it
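
An added example (not from the original slides) of checking the access restrictions listed above against a vendor access log: it flags logins outside an approved maintenance window, logins without MFA, and logins from accounts that are not individually provisioned. The account names, window policy and log format are assumptions constructed for illustration.

```python
from datetime import datetime, time

# Constructed policy (assumption): per-vendor account -> approved weekdays
# (Mon=0 .. Sun=6) and a start/end time for the maintenance window.
WINDOWS = {
    "vendor-dba-alice": ({5, 6}, time(1, 0), time(5, 0)),
    "vendor-net-bob": ({2}, time(22, 0), time(23, 59)),
}

# Constructed sample log lines: timestamp, account, source IP, MFA result.
SAMPLE_LOG = """\
2018-01-13T02:14:09 vendor-dba-alice 198.51.100.7 mfa=ok
2018-01-15T14:30:41 vendor-dba-alice 198.51.100.7 mfa=ok
2018-01-17T22:05:00 vendor-net-bob 198.51.100.9 mfa=none
2018-01-17T22:40:12 vendor-shared 198.51.100.9 mfa=ok
not a log line
"""


def review(log_text, windows=WINDOWS):
    """Return (line_number, account, reason) for each policy violation."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            stamp, account, _src, mfa = line.split()
            when = datetime.fromisoformat(stamp)
        except ValueError:
            findings.append((n, None, "unparseable"))  # never skip silently
            continue
        if account not in windows:
            # Shared or unprovisioned login: no unique credential to audit.
            findings.append((n, account, "unknown-account"))
            continue
        days, start, end = windows[account]
        if when.weekday() not in days or not start <= when.time() <= end:
            findings.append((n, account, "outside-window"))
        if mfa != "mfa=ok":
            findings.append((n, account, "no-mfa"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```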


Ransomware
• First seen in Russia and Ukraine in 2005

• Prevents or limits users from accessing files until ransom is paid – if not, files are ‘deleted’

• Targets a wide range of users, including hospitals

Solutions
• Back-ups of back-ups of back-ups – Make them, regularly. Don’t pay

• User education – Understanding how it is spread and how to avoid it

• Move to the cloud – Although keep in mind, cloud providers are TPSPs too

• YARA – Malware research and detection

• AppData/LocalAppData – Legitimate software can execute from these locations

Sources
• The dangers of granting system access to a third-party provider. (n.d.). Retrieved from
http://searchsecurity.techtarget.com/tip/The-dangers-of-granting-system-access-to-a-third-party-provider

• How to Protect and Recover Your Business from Ransomware. (2017, May 15). Retrieved from
https://www.pcmag.com/article/345531/how-to-protect-and-recover-your-business-from-ransomware

• The Third Party Data Breach Problem. (2017, July 27). Retrieved from
https://digitalguardian.com/blog/third-party-data-breach-problem

• Voter, Bee databases hit with ransomware attack. (2018, February 7). Retrieved from
http://www.sacbee.com/news/politics-government/capitol-alert/article199008579.html

• Ransomware - Definition - Trend Micro USA. (n.d.). Retrieved from
https://www.trendmicro.com/vinfo/us/security/definition/ransomware
