All the way back in 2016, the FBI was warning law firms that they were a target. Fast forward five years and two of the largest law firms in the U.S. were both hit by a data breach within a span of two weeks. Maybe it is time to start taking note of that warning. These hacks were caused by a third-party data breach. This is yet another reminder of just how important it is to be able to trust that a vendor is secure.
According to Bob Dooling, a security risk manager, this wasn’t the case for Accellion, the vendor that caused the breach for Jones Day. He notes that Accellion has had a “track record of severe, readily-exploitable vulnerabilities.” In 2016, Facebook even stepped away from working with the vendor after just a single person was able to exploit vulnerabilities in their system. Could it be that this was the same vulnerability that caused the Jones Day breach half a decade later? I would hope this is not the case, but this cannot be good for their reputation.
Only recently our vCISO Jenai Marinkovic wrote an article discussing how supply chains are being targeted and also how large enterprises are focusing even more on their vendors meeting rigorous security requirements. This is something that Tiro Security has been helping clients with for 8 years now. SMBs with large clients can have a working cybersecurity program that meets clients’ requirements without breaking the bank. What’s even more interesting is that we are seeing these vendors use their security program as a business differentiator against their competition.