New Zealand’s central bank reports that an anonymous hacker has compromised one of its data systems and has potentially accessed commercially and personally confidential information.
According to a statement from the Wellington-based bank, a third-party file-sharing service used by the Reserve Bank of New Zealand to share and save confidential information had been hacked.
In the statement, Governor Adrian Orr said the breach was contained and that the core functions of the bank “remain sound and operational.”
The governor also stated that it will take time to fully grasp the consequences of this breach and that the bank is working with system users who may have access to the details.
The bank refused to respond to questions sent by email seeking further details.
It is unknown when the breach occurred, and there were no signs of who was responsible or of what country the file-sharing service is based in.
In the past year, many prominent organizations in New Zealand have been subject to cyber-attacks, including New Zealand’s Stock Exchange, which had its servers out of public view for nearly a week in August.
Dave Parry, a computer science professor at the University of Auckland, told Radio New Zealand that another government might have been behind the bank data breach.
“Ultimately, if you were coming from a criminal perspective, the government agencies aren’t going to pay your ransom so you’d be more interested probably coming in from a government-to-government level,” Parry said.
Third-Party Breaches Are on the Rise
In this interconnected business world, it is usual for businesses to exchange data with vendors. Data breaches are nothing new, and their disturbing tales continue: 2020 saw data breaches take their place squarely in the press. While this included prevalent phishing, malware, and ransomware attacks, third-party breaches have also been found to have cost businesses millions of dollars in recent years.
To survive in an interconnected digital environment, companies need to prevent potentially exorbitant third-party breaches that could lead to higher costs than data breaches caused internally.
Is Your Business Secure?
Does your business share any details with marketing agencies or companies that manage your billing? Does it outsource deliveries to a firm that has access to your sales information? Is a third party tracking your physical security systems?
If yes, be warned that the cyber risk arising from third parties is totally out of your direct control.
There are, however, a few clear measures you can take to reduce, to some degree, such instances of third-party data breaches.
So, What’s the Drill?
Be thoroughly informed of your vendors - The point may seem obvious, but it is essential to understand what your organization’s extended ecosystem looks like. Once you have your list of vendors, the next important point is to know what data and networks your team shares with each of them. Do they need the amount of access they have? If they don’t, set some limits.
Know Your Third Parties - Identifying who is in your third parties’ extended enterprise is just as critical as identifying the third parties themselves. So, make sure you take an inventory of all third parties with which your entity has a relationship.
Be Sure To Include Risk Management In Your Contracts - Follow the trend of integrating cybersecurity risk into your third-party contracts. This will not deter a third-party breach, but it will hold the provider accountable if their cybersecurity risk status changes and they fail to fix it. Ensure that the contract includes a provision requiring third parties to provide information about any future third parties to which they disclose confidential information.
Keep an eye on security standards - Standards are critical factors in ensuring compliance. If your company is regulated by standards such as PCI DSS, HIPAA, APRA CPS 234, GDPR, ISO 27001, SOC 1, 2, 3, or any other advanced set of IT security standards, it is critical to implement these standards among your third-party vendors as well.
Review the vendors regularly - Keep up with conventional static third-party monitoring, such as questionnaires, but the most effective way to ensure the safety of your data is continuous cybersecurity monitoring.
Need further advice & assistance?
Please note that a minute flaw at a trusted vendor gives hackers many opportunities to access confidential data belonging to your organization and your customers. If you don’t follow all the right approaches to third-party cyber risk management, you will not be safe. Apart from the above, you can also take advanced preventive steps to recognize and minimize your risks from third-party vendor breaches.
Please connect with the expert team at our Cyber Security Service Provider, Cybernetic Global Intelligence (CGI), a leading Aussie cybersecurity firm with years of experience providing outstanding cybersecurity services. You can call 1300 292 376 or send an email at any time to Contact@cybernetic-gi.com for assistance.