Welcome to This Week in Cloud, a weekly digest of most important cloud and cybersecurity stories. This week we look at the often overlooked cyber risk from business partners, the first-ever US government CISO, and a $121 million cyber crime ring.

The Search for Third-Party Trust

A single department within a company may outsource work to dozens of vendors, from marketing agencies to supply chain contractors. These third parties are increasingly the weakest link in the cyber kill chain. The infamous Target credit card breach was traced to a vulnerability in their HVAC vendor’s systems. Now a healthcare company, Highline Medical Center, has potentially lost patient information due to a data breach at a consultant partner. Several technology companies are teaming up to address this challenge. Uber, Airbnb, and others have founded the Vendor Security Alliance to furnish companies with the expertise and resources to evaluate the risk of vendors. VSA will provide companies with a survey to distribute to vendors to establish their cybersecurity risk.

Vendor Error Leads to Another Possible Healthcare Data Breach | Elizabeth Snell, Health IT Security

Uber, Square, AirBnB, and Others Form Cybersecurity Coalition for Vetting Vendors | Ken Yeung, VentureBeat

Huge Paydays for Cybercriminals

New research from Intel recently found that a ransomware network pulled in $121 million in payments in the first half of 2016. Experts estimate the ransomware distributor’s profits at $94 million, suggesting a highly efficient operation. The model of cybercrime-as-a-service, which allows technical experts to rent out attack infrastructure to other criminals, reduces the risk of being caught for those using the tools and allows the hosts to reap a percentage of the profits. Authorities estimate only 100-200 insiders power this industry, offering solutions to a wider network of criminals who are not necessarily hackers by profession.

Ransomware Network Chalked Up $121M in 1H 2016 | Eileen Yu, ZDNet

Cybercrime-as-a-Service Economy: Stronger Than Ever | Mathew Schwartz, Bank Info Security

US Government Builds Up Cybersecurity Capabilities

The US government’s cybersecurity reputation has been marred by the high-profile breach at the Office of Personnel Management, which resulted in the loss of 21.5 million background checks of federal employees and their friends and family. Following the breach, the Obama administration has taken unprecedented steps to improve the federal government’s capabilities. The White House named the first ever Federal CISO, appointing a former Air Force brigadier general to the position. In Congress, the effort to modernize federal IT systems received a huge boost with a bi-partisan coalition to secure funding.

White House to Name Retired Air Force General as First Cybersecurity Chief | CNBC

Merged IT Modernization Bill to Include Central Fund | Carten Cordell, Federal Times

By the Numbers 

40%

The share of executives who lack a clear understanding of cybersecurity protocols within their own companies, despite the growing prominence of cybersecurity among boards of directors.

40 days

The amount of time a researcher waited for Oracle to release a patch before announcing a critical MySQL zero-day vulnerability.

98%

The percentage of IT security professionals who say data loss is a top or significant concern in the age of collaboration.

Read More About Vendor Risk

Download the full report to read about the risks faced from connecting to business partners through the cloud.

Download Now