Where can you find the cracks in your cybersecurity armor?

When hackers evaluate the protections of a system, they’re looking for any chinks in the armor.

You can bet when they find any weakness, they’re going to exploit it.

But those cracks in your own armor may not be appearing where you’re expecting them.

While you may be doing everything in your power to protect sensitive data, can you say the same for your vendors and other third parties in your company’s network?

Post-production snafu

Recently, online streaming giant Netflix found out there was a crack in its cybersecurity when several episodes from its popular series Orange is the New Black were held for ransom for 30 bitcoins – roughly equivalent to $45,000.

Netflix didn’t pay the ransom, and the hacker put the episodes online.

But anyone who watched the episodes hoping for a polished season might have been disappointed to find there were odd sounds, editing notes, and whole scenes missing.

That’s because the hacker stole the episodes from Netflix’s post-production company, Larson Studios.

As with any industry, a product can pass through various third-party vendors before finally reaching the consumer.

This is the same for film networks, and Larson Studios is a popular vendor that also does post-production work on shows for FOX and CBS.

Hackers who are hoping to steal from the larger networks may be discouraged by the networks’ beefed-up security systems, but they are finding softer targets among those the networks do business with.

Netflix and the film industry aren’t the only ones suffering from these vulnerabilities in their work networks.

Musical mishap

Back in December, a hacker was able to successfully bypass security systems at two music management companies – September Management and Cherrytree Music Company – by using a spear phishing technique.

By impersonating, over email, an executive at Interscope Records, a record label owned by Universal Music Group, the hacker was able to convince executives at both companies to send Lady Gaga’s stem files.

Just like Netflix’s files, these were raw files used for remixing and remastering.

As in the Netflix case, the hacker had taken advantage of a vulnerability within the extensive network of collaborators and vendors.

Is the vendor safe?

Almost 80% of all data breaches stem from a supplier or vendor relationship, according to estimates by risk intelligence company RiskVision.

Netflix and Lady Gaga are just two recent examples in a growing list.

For example, Target lost millions of credit card details when hackers penetrated a smaller Pittsburgh-based refrigeration company that had been given network access.

When problems aren’t directly yours to fix, how can you be expected to address them?

Well, there are a few ways you can protect data by taking these proactive steps when dealing with vendors:

  • Screen vendors’ IT security systems. Make sure they’re up to your company’s and your personal standards.
  • See what IT policies the vendor has on the books. Cybersecurity isn’t just about the programs, but also about the training people receive.
  • Revisit your procedures. It should be clear what emails and phone numbers authorized personnel will use to communicate with the vendor.
  • Have the vendor evaluated by a third-party security specialist. There are companies that specialize in checking a firm’s security health.