Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Hackers claim seizing 1.4 GB of data belonging to National Security Agency (NSA) after third-party contractor data breach.
The announcement appeared on a dark forum, according to the Cyber Press journalists, who swiftly notified the US gov and NSA officials about the potential leak.
More about the National Security Agency data leak
Cyber Press posted a screenshot of the announcement. Gostingr, the alleged attacker, had joined the dark forum on June 22, only two weeks and a half before posting the message, on July 9th.
The attackers said they got access to the compromised data due to breaching Acuity Inc., a third-party collaborator of NSA.
The database contains:
- Full names
- Phone numbers
- Email addresses belonging to NSA employees and affiliates
- Classified documents and communications between certain groups and the US allies
Source – CyberPress.org
The NSA data leak impact
Now, the news about the NSA data leakage only appeared on a few specific websites. Further investigation should validate or dismiss Gostingr’s claim and reveal how did the breach got to impact NSA’s data.
If the allegations are real, then hackers have enough data to use for social engineering, phishing attacks and online impersonation.
Furthermore, they could sell the data to entities that would use them to find out more about NSA’s operations, methodologies, and team members. This could compromise ongoing and future missions.
How to secure your data when working with a third-party vendor
Interconnectivity and the need for swift communication makes it harder for IT teams to protect data. When working with a third party that needs access to your assets, like databases, you need to take extra caution measures. Here are 5 of the most important things you need to do before starting and during a collaboration involving your private data.
Sign a Security Agreement
According to your own security policy, create a contract that outlines your security needs and expectations. Set clear who is responsible for what in your partnership.
Include clauses for data protection, confidentiality, breach notification, and compliance with relevant regulations, like GDPR or HIPAA.
The contract should include the right to audit and assess the contractor’s security practices.
Use data encryption
Encrypt all sensitive data both in transit and at rest. For communication processes and remote work, use safe channels like VPNs, encrypted email, and end-to-end encryption.
Enforce the principle of least privilege
The third-party vendor should only have access to the data and systems they need to deliver their services. Implementing the principle of least privilege and a just-in-time access policy strengthen security across the whole infrastructure.
Role-based access control (RBAC) and regularly reviewing and updating access permissions are also privileged access management best practices.
Privileged Account and Session Management (PASM) solutions make it easier and faster for IT teams to manage privileges and access sessions across a company’s infrastructure.
Training and awareness:
Organize security training sessions for the contractor’s staff or make sure you ask them to cover that in the Security Agreement. It is equally important that their team and your own employees are security-educated and follow the organization’s security policies and procedures.
Regular security audits
Perform regular security audits of the contractor’s systems and processes to catch in time a potential threat. Address any identified vulnerabilities or compliance issues fast.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
