Understanding Third Party Data Breaches
A third party data breach occurs when an individual’s login identity and/or personally identifiable information (PII) has been disclosed by a third party system or service. A third party system or service is one that is unrelated to your business.
Third party data breaches are a security risk to your business and your employees. To understand this risk, we look at human behavior and the nature of modern cyber attacks. Knowing the risks, we look at ways to identify and respond. We discuss methods to ensure you are properly protecting your employees and your business.
The Risk of Human Nature
Multiple studies show that between 65% and 70% of humans will use identical or similar passwords across systems. The practices of “patterning” and “mimicking” passwords is more common across accounts using the email address or username as the account identity, whether or not the login is for a business system or some other system or service.
Think about employees using their work email for business-related services, such as video conferencing services, LinkedIn, or file sharing services. Some employees may have accounts to online stores for purchasing materials or supplies. A breach in any of these systems, which are out of your control, poses a risk to your business.
A second aspect of human nature that works against us: humans are social creatures. People, at different levels, want and need to interact with others. In general, humans are trusting and we want to be helpful. We will share information if and when it fits within typical interactions and when we think we are helping ourselves or others.
The Risk of Cyber Attack Methods
Currently, sophisticated criminal organizations (sometimes backed by hostile nation-states or terrorist groups) execute the vast majority of cyber attacks. They often sell and trade methods, malware, and data on the dark web, as different organizations build specialized expertise. Modern cyber attacks reflect the sophistication and expertise of the cyber criminals. Most cyber attacks involve indirect and direct methods.
We define indirect attacks as those intending to gather information. Cyber criminals collect useful information in order to conduct direct attacks and to sell to other criminals. Phishing, social media “clickbait”, and third party data breaches are three common examples of indirect attacks that provide personal information for further attacks.
We define direct attacks as those intending to gain access to your systems and information. These include compromised user identities or credentials, ransomware, activity/keystroke monitoring, business email compromise attacks, and other attacks where your data is exposed or altered.
Direct attacks are more successful if they use data gathered from previous, indirect attacks. And while cyber attackers may manage the complete attack, it is more common for those interested in direct attacks to buy data from those that specialize in conducting indirect attacks. Your answers to quizzes and games on Facebook are being sold to cyber criminals that will use that information against you in a future attack. Indirect attacks also gather information that allow the attackers to impersonate you, organizations, or those around you.
Maybe the information lets them craft a surprisingly real-looking email asking you to log into a fake website, or to transfer money to a vendor using incorrect banking information. Or, you are asked to share the MFA code you received by text. And with enough information, the attackers pretend to be you and ask your customers to make a payment by wire or ACH transfer using their banking information, not yours.
Tracking Third Party Data Breaches
The best method of tracking third party data breaches is subscribing to a monitoring and alert service. Use the service to scan and monitor the dark web for data breaches related to any email address from your business domain(s). The service should send you alerts that include:
- Email address of the breached account
- Origin of the breach, if known and disclosed
- The Source of the breached data (where was the data posted/visible)
- The type of the compromise
- When the data was found
- If a password was compromised, and if the password is visible or encrypted
- Any PII disclosed in the breach
Using this information, you can assess the risk and take appropriate actions in response.
At Cumulus Global, we partner with DarkWeb ID for third party data breach monitoring and alerts. Our eBook, Understanding Third Party Breach Alerts, covers how to analyze alerts, assess risks, and respond accordingly.
Protecting Your Business
To fully protect your business, you security strategy needs to ensure you have three things in place:
- You and your team should understand your security risks and how your behaviors can help or prevent an attack.
- Have procedures and technologies in place to protect you from successful attacks
- Have security services in place to prevent the disclosure or loss of data and/or system access.
- Capabilities and services in place to respond should an attack be successful, and to help your business recover.
We developed our Security CPR Model specifically to help small and midsize businesses create, deploy, and manage an appropriate security strategy.
- Communicate & Educate
- Communicate with your team that Cyber Security is a priority and educate them on cyber security risks, the need for everybody to be vigilant, and the behaviors/actions they can use to help prevent successful attacks.
- Develop policies and procedures to establish clear expectations for how your organization will maintain cyber security and how your team will use security technologies and services.
- Protect & Prevent
- Select, deploy, and maintain security technologies and services that match and support your cyber protection needs and priorities.
- You can simplify your security services by focusing on the most likely threats and those that would have the greatest impact if successful (see: How Can SMBs Streamline IT Security?)
- Respond & Recover
- Put systems in place to recover lost or damaged data and systems; consider business continuity solutions that enable you to continue operating your business while restoring your primary systems.
- Pre-arrange resources to help you respond to the technical, regulatory, legal, reputation, and customer service impacts of a successful cyber attack
You can learn more by viewing Security CPR, our 3T@3 Webcast from January 2023.
Call To Action
Complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.
Or, contact us or schedule time with one of our Cloud Advisors to discuss your security needs, priorities, and solutions.
About the Author
Allen Falcon is the co-founder and CEO of Cumulus Global. Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.