Supply Chain Risk

Industry Giants Impacted By Supply Chain Attack

It was recently announced that a well known supply chain for heavy hitters in the automotive and aerospace industry had been undermined. Visser Precision, a custom parts maker for major companies such as Tesla, SpaceX, and Boeing, revealed that it had been a victim of a cybersecurity attack that compromised many of their clients’ sensitive files. It is believed that the specific attack in question was caused by the DopplePaymer ransomware. DopplePaymer is a relatively new type of ransomware that works by initially extracting the company’s data then threatening to expose those files if payment is not made. According to TechCrunch, Brett Callow, a threat analyst at security firm Emsisoft, first discovered that there was a website posting files that had been stolen from Visser. These files which can be publicly found on the internet include sensitive documents such as non-disclosure agreements between both SpaceX and Tesla and Visser. The website hosting these stolen files note that there were a “lot” more files to be published.

What Makes Third-Party Attacks So Dangerous?

Third-Party attacks have been more prevalent throughout the years as hackers have figured out that instead of attacking one large business, they can hit a vendor and profit off of multiple large businesses. Such was the case for the recent Visser data breach. Even major companies such as Tesla and Boeing, with the resources and security that they possess, were still able to be impacted by the breach. This goes to show that it is not only vital to make sure your business is secure from cyberattacks but also your vendors as well. Neglecting to do so would end up being very costly. Take the Healthcare Industry for instance which has lost about $23.7 billion a year due to third-party vendor data breaches according to security magazine. Of those healthcare organizations that were surveyed, more than half have experienced a data breach due to third-party vendors in the last two years. Third-party security risk is both a costly and tricky situation to deal with which is why they should not be neglected and should be planned for accordingly.

How We Tackle Third-Party Risk

Breaches such as Visser’s are damaging enough to put vendors out of business while being very costly for the clients they work with. No one wants to be known as the weak link that caused the breach. Tiro Security has a history of helping large companies assess their third party vendors as well as helping these third parties vendors meet the security requirements expected of them. For more information on how we are able to be of assistance, call (424) 216-8476 or continue visiting our website for more information.

Posted in