Just two days after we published our ‘Worst Healthcare Data Breaches of 2021” blog, reports came in on January 1st, 2022 that a Fort Lauderdale health care company was compromised by an attacker. Patient and employee personal identifiable information (PII) was exposed at Broward Health including names, addresses and even social security numbers and bank account information. The breach occurred back in October 2021, however, it’s reported that there is no sign of ‘misuse’ of this data as of now. Broward Health has taken action to strengthen their security after this incident including a company-wide password reset as well as implementing two-factor authentication – but is it enough?
How exactly did this attacker gain entry to the Broward systems? Well, through a third party medical company who was granted access to the Broward Health network. This headline sings a tune that we are very familiar with at Sonrai, and that is one of a trio of blind spots, access, and third-parties.
Third-Party Related Risks
Third-party data breaches occur when sensitive data is stolen from a third-party vendor or when their systems are used to access and steal sensitive information stored on your systems. In today’s modern enterprise, companies rely on third-parties to outsource large parts of their business to specialized sectors, whether that be via a vendor, third-party service provider, or contractor.
It’s a wonderful and resourceful partnership, but the reality is these third parties aren’t typically under your organization’s control. You likely won’t have complete transparency into the third party’s information security controls. Some vendors can have robust security standards and good risk management practices, while others may not. This means that each vendor you work with, whether directly or indirectly, impacts your cybersecurity.
According to research done by the Ponemon Institute, third parties are involved in over half of the data breaches in the US, and a third party breach costs, on average, twice what a normal breach costs. Data breaches don’t just cost your organization money, it damages your reputation, your bottomline, and more.
Providing remote access to third parties without implementing the appropriate security safeguards is almost guaranteeing a security incident or a data breach. It is important that organizations assess the security and privacy practices of the third parties that have access to their systems and ensure that it abides by the Principle of Least Privilege.
At Sonrai, we are hyperfocused on reducing data and identity access risks, and that includes visibility into third party risks in the public cloud. As a result, we have strong insight from our security experts into how third party breaches occur and how to prevent a data breach from happening in your AWS, Azure, and Google Cloud environments.
We understand clouds are complex. So complex that the onslaught of identities and entitlements provided to 3rd party vendors are easily a blind spot that can lead to unintended exposure of data. Oftentimes, organizations will provide 3rd party vendors with highly privileged roles that can lead to a full account takeover. In the majority of cases, these permissions are simply a mistake because the third party doesn’t actually need them, and the organization isn’t even aware that they gave them to the vendor.
Curious about the specific examples we often see?
The most common oversight is the AWS ReadOnlyAccess policy, which is an extremely popular policy amongst 3rd parties. Vendors and customers believe it’s a harmless policy, but instead, it provides wide read access to many of your databases – DynamoDB, S3 buckets, SQS queues, and more.
It’s common in Azure too. Azure Policy can enforce the creation of an Azure SQL Database or Azure SQL Managed Instance with Azure AD-only authentication enabled during provisioning. With this policy in place, any attempts to create a logical server in Azure or managed instance will fail if it isn’t created with Azure AD-only authentication enabled. So many teams will apply an Azure Policy to the whole Azure subscription or a resource group – including unnecessary third parties.
Ready to secure your cloud?
Sonrai Security is dedicated to providing your business the insight it needs to prevent, detect and remediate unintended access risks internally or through third parties. Outsourcing to third-party experts serves a great purpose in bolstering your business, but don’t let it be what takes you down. Secure your perimeter. We’ll be happy to help. Contact Sonrai Security.