Welcome to This Week in Cloud, a weekly digest of the most important cloud and cybersecurity stories. This week we look at the often-overlooked cyber risk from business partners, the first-ever US government CISO, and a $121 million cyber crime ring.
The Search for Third-Party Trust
A single department within a company may outsource work to dozens of vendors, from marketing agencies to supply chain contractors. These third parties are increasingly the weakest link in the cyber kill chain. The infamous Target credit card breach was traced to a vulnerability in their HVAC vendor’s systems. Now a healthcare company, Highline Medical Center, has potentially lost patient information due to a data breach at a consultant partner. Several technology companies are teaming up to address this challenge. Uber, Airbnb, and others have founded the Vendor Security Alliance to furnish companies with the expertise and resources to evaluate the risk of vendors. VSA will provide companies with a survey to distribute to vendors to establish their cybersecurity risk.
Vendor Error Leads to Another Possible Healthcare Data Breach | Elizabeth Snell, Health IT Security
Uber, Square, AirBnB, and Others Form Cybersecurity Coalition for Vetting Vendors | Ken Yeung, VentureBeat
Huge Paydays for Cybercriminals
New research from Intel recently found that a ransomware network pulled in $121 million in payments in the first half of 2016. Experts estimate the ransomware distributor’s profits at $94 million, suggesting a highly efficient operation. The model of cybercrime-as-a-service, which allows technical experts to rent out attack infrastructure to other criminals, reduces the risk of being caught for those using the tools and allows the hosts to reap a percentage of the profits. Authorities estimate only 100-200 insiders power this industry, offering solutions to a wider network of criminals who are not necessarily hackers by profession.
Ransomware Network Chalked Up $121M in 1H 2016 | Eileen Yu, ZDNet
Cybercrime-as-a-Service Economy: Stronger Than Ever | Mathew Schwartz, Bank Info Security
US Government Builds Up Cybersecurity Capabilities
The US government’s cybersecurity reputation has been marred by the high-profile breach at the Office of Personnel Management, which resulted in the loss of 21.5 million background checks of federal employees and their friends and family. Following the breach, the Obama administration has taken unprecedented steps to improve the federal government’s capabilities. The White House named the first-ever Federal CISO, appointing a former Air Force brigadier general to the position. In Congress, the effort to modernize federal IT systems received a huge boost with a bipartisan coalition to secure funding.
Merged IT Modernization Bill to Include Central Fund | Carten Cordell, Federal Times
By the Numbers
The share of executives who lack a clear understanding of cybersecurity protocols within their own companies, despite the growing prominence of cybersecurity among boards of directors.
The amount of time a researcher waited for Oracle to release a patch before announcing a critical MySQL zero-day vulnerability.
The percentage of IT security professionals who say data loss is a top or significant concern in the age of collaboration.