Blog

What is a Supply Chain Attack and How Can Organizations Defend Against Them?

Supply chain attacks were responsible for 62% of system intrusion incidents, according to Verizon’s 2022 Data Breach Investigations Report. This type of attack is one of the most effective ways to compromise organizations because it targets the weakest link in the security chain. Supply chain attacks usually begin by compromising a supply chain partner, such as a developer, distributor, or...

How to Prevent Third-Party Vendor Breaches

As organizations continue to rely on third-party technologies, third-party breaches have become common. One of the key ways to prevent third-party vendor breaches is to monitor your attack surface continuously.

What Is a Third-Party Breach?

As the name suggests, third-party data breaches are security violations caused by third-party contractors, vendors, and other businesses affiliated with an organization. In attacks like this, while the compromise comes from a third party’s computer system or processes, it’s the sensitive data from your organization that is exposed. As a result, your organization can suffer guilt — and damage — just by association with a third-party breach.

The maxim of being only as strong as your weakest link couldn’t be more accurate regarding third-party violations. All it takes is one application, device, firmware, or software component from a third party to be compromised for an attacker to gain a foothold in your enterprise supply or value chain.

What Kind of Attacks or Vulnerabilities Can Come From Third Parties?

A third-party breach, often through a vulnerability in vendor software, can create a backdoor for hackers to access the host system. These underlying vulnerabilities are no different from general cybersecurity threats that arise from cloud misconfiguration, failure to implement the principle of least privilege, poor coding practices, poor antivirus defenses, etc. These are just a few of the cybersecurity attacks that can result from third-party risks:

- Spear phishing
- Intellectual property theft
- Unauthorized network intrusion
- Data exfiltration
- Advanced persistent threats (APT)
- Login credential theft
- Ransomware attacks
- Malware and virus propagation

Third-party breaches can create procurement and value-chain risks as well as lead to a supply chain attack.

What Is a Supply Chain Attack?

A supply chain is a distributed system that provides the materials, resources, expertise, and technologies — typically through an array of vendor companies — required to create a product. Supply chains are necessary because no business is 100% self-sufficient. This is especially the case with software products and the constantly evolving complexity of modern software infrastructure. Many software developers use open-source components, including resources from third parties, which can open an organization to risk.

A supply chain attack undermines an organization by targeting vulnerabilities in poorly secured supply chain elements: hackers weaponize weaknesses in third-party vendor components to infiltrate a company. Simply being part of a supply chain can increase your attack surface, which unfortunately makes attacks involving it challenging to detect and prevent.

As an example, although SolarWinds is a US information technology firm, in cybersecurity circles it is now associated with something more pernicious. The SolarWinds hack, in which hackers inserted a backdoor into SolarWinds software and launched a malware attack, is already regarded as one of the most significant cybersecurity breaches of the 21st century. Attackers did this by compromising “Orion,” a widely used SolarWinds application, which meant any company that used SolarWinds was automatically at risk. It’s estimated that about 18,000 SolarWinds customers were eventually exposed to the breach. The hack highlighted how devastating a supply chain attack can be now that global supply chains have become more complicated than ever.

Supply Chain Regulations

Supply chain attacks can disrupt and hinder businesses. In the aftermath of the SolarWinds cyber attack, policymakers have stepped up to provide more oversight. As a result, legislation and regulations have been crafted to provide adequate supply chain management.

On February 24th, 2021, the Biden Administration issued an Executive Order to make America’s supply chains more secure and resilient. It tasked the heads of appropriate agencies to assess vulnerabilities and issue reports on critical supply chains for the US economy's vital industrial sectors and subsectors. On the first anniversary of the executive order, February 24th, 2022, the White House issued The Biden-Harris Plan to Revitalize American Manufacturing and Secure Critical Supply Chains in 2022. Along with the capstone report, it emphasized the need to evaluate supply chain vulnerabilities across key product areas such as large-capacity batteries, semiconductors, critical materials and minerals, and pharmaceutical ingredients.

In March 2022, the US Securities and Exchange Commission (SEC) unveiled proposed amendments to cybersecurity governance and risk management strategies. These rules were meant to enhance public cybersecurity disclosures, especially incident reporting by public companies.

Supply Chain Compliance Standards

These regulations compel organizations to adhere to specific compliance standards to maintain cybersecurity resilience. Some of these compliance standards and practices include:

- Maintaining up-to-date patch management.
- Clear audit and reporting procedures for transparency.
- Conducting third-party risk assessment and due diligence.
- Creating standard operating procedures and policies for cyber incidents.
- Running penetration tests to evaluate the rigor of systems and their defenses.

How to Respond to a Third-Party Breach

Your organization needs to take the following steps in the event of a third-party breach.

Preserve Evidence

Having documented evidence is vital when it’s time to report the data breach accurately to the relevant authorities. Cybercriminals and malware have grown stealthier, making their activity more difficult to detect. Depending on the scope, organizations may need to use forensic investigators to help uncover evidence.

Respond Promptly

Time is of the essence. The longer you take to respond to a security breach, the more time hackers have to burrow deeper into the corporate network and cause damage.

Implement a Contingency and Incident Response Plan

Develop threat models and contingency plans. In addition to enabling you to visualize potential threats, they give you the latitude to respond nimbly when your supply chain is jeopardized.

Provide Full Disclosure

Data protection regulations like HIPAA and GDPR have reporting mandates that must be upheld after a data breach. Ensure you have a notification toolkit that covers all the ground you need to cover in responding to policyholders, perhaps incorporating a data breach notification analysis.

Security Best Practices To Prevent Third-Party Breaches

Organizations must adopt a holistic approach to combat third-party breaches. A comprehensive third-party and supply chain management program should include the following best practices:

What is the Relationship Between Ransomware and Phishing?

Ransomware and phishing are usually put in two separate categories when cyberattack methodologies are discussed. However, ransomware operators are increasingly leveraging phishing tactics to deploy their malicious payloads, and the potential for compromise is growing exponentially as a result.

Ransomware and Phishing – a match made in heaven

Phishing is the number one delivery vehicle for ransomware,...

Putting a Hug Around Acquisitions: Donnie MacColl

Donnie MacColl says Fortra makes acquisitions successful by putting a hug around the companies it welcomes to the family. Discover why the senior director of technical services and GDPR data protection officer says he’s never been happier at work.

What’s It Like to Be in Customer Operations at Fortra?

Our Customer Operations team helps build positive, long-lasting customer relationships. Learn how these specialists handle maintenance renewals, account updates, and licensing changes—and why they love virtual team coffee breaks.

3 Reasons to Take a Layered Approach to Offensive Cybersecurity

Reports of cyberattacks continue to plague the news, from attacks on airport computer systems¹, to increased phishing scams around the holidays², to new ransomware groups entering the landscape at greater attack volumes³. The increase of attacks, both in volume and severity, means your company needs the utmost protection - a single program or system simply won’t cut it anymore. A layered approach...

A Spotlight on Cybersecurity: 2022 Trends and 2023 Predictions

In 2022, geopolitical unrest and an expanding online attack surface contributed to the emergence of several themes across the cyber landscape. Infrastructures associated with opposing ideologies were highly targeted, with government agencies, supply chains, and IOT devices falling victim to high-profile campaigns. Cybercriminals launched increasingly advanced attacks on vulnerable entities, with...

How to Recognize and Respond to Emerging Social Media Cybersecurity Threats

Facebook. Twitter. Instagram. LinkedIn. YouTube. Pinterest. Mastodon. The list goes on. Whether you love or loathe social media, these platforms have become integral to how we communicate as individuals and businesses. Cybercriminals have also taken note, embracing these communication channels wholeheartedly to reach vast audiences quickly,...

What Should Businesses Know About NFTs and IP Protection?

29 Intellectual Property Experts & NFT Experts Reveal What Businesses Should Know about NFTs and IP Protection

Non-fungible tokens (NFTs) have taken the digital world by storm, and interest in NFTs remains high, especially among digital-native generations. There's also an emerging interest in NFTs by businesses for their monetization potential and immutable transaction records. We've created this collection of expert tips to provide insight into what you should know about NFTs and intellectual property protection, such as:

- The transfer of NFT ownership does not confer ownership of the underlying asset.
- Those who are not well-informed may inadvertently infringe on the owner's IP rights.
- NFTs have already resulted in lawsuits for IP theft, trademark infringement and dilution.
- As the market is immature, it's not regulated, and there's minimal case law that can be used to navigate the legal waters.
- Copycats are a common problem in the NFT space.
- Robust cybersecurity is a must for businesses minting their own NFTs to safeguard their intellectual property.
- ...and more.

But this merely scratches the surface of the ins and outs of NFTs and how they can protect or otherwise impact intellectual property rights. To provide more insight into what you should know about NFTs and IP protection to keep your business on solid financial and legal footing, we reached out to a panel of intellectual property experts, NFT experts, and business leaders and asked them to answer this question:

"What should businesses know about NFTs and IP protection?"

Meet Our Panel of NFT Experts & Intellectual Property Experts:

Eloisa Marchesoni, William Scott Goldman, Terrance Blau, Laura J. Winston, Dominic Harper, Alex Wang, Raj Kallem, Kyle Hill, Maxim Manturov, Eric Florence, Radiance W. Harris, Esq., Joris Delanoue, Craig Smith, Jared Stern, Bob Secord, Maria Rebelo, Mateo Silva, Chris Olson, Jack G Abid, Volodymyr Shchegel, Yanush Zaksheuski, Mike Pedrick, Rylee Armond, Pedro Atencio, Rexor Allen, Vishesh Raisinghani, Chris Seline, Lew Zaretzki, Guy President

Keep reading to learn what your business should keep in mind regarding NFTs and IP protection.

Eloisa Marchesoni

Eloisa Marchesoni is a tokenomics expert and angel investor.

"While it may be that the disputed NFTs discussed on the web experience drastic fluctuations in value due to..."

Market volatility and, in some cases, negative publicity and uncertainty over the various exploits that have targeted the owners, as well as OpenSea and similar platforms, it is highly improbable for these cases to trigger a collapse of the general NFT market. A simple reason for this is that more and more big-name brands are taking their first steps into the NFT realm: Taco Bell, Coca Cola, and Nike are just a few. For these companies, the risk of their NFTs becoming the subjects of legal action is extremely low to zero because they own all the IP rights related to the underlying works. In a nutshell, a business minting NFTs based on proprietary IP will never incur such problems.

The same cannot be said for freelance creators. In fact, on January 14, 2022, luxury design house Hermès filed a lawsuit against Mason Rothschild with the Southern District Court of New York, citing multiple causes, including trademark infringement and dilution. Mason Rothschild is a digital artist who has created METABIRKINS NFTs featuring the Hermès BIRKIN handbag design, and he is now accused of IP infringement. The case is still ongoing. The novelty of the NFT marketplace means that IP case law has yet to account fully for these assets. If an individual creator wishes to mint their own NFTs but is unsure of the legal repercussions, it's good to err on the side of originality or seek specialist advice.

William Scott Goldman

@GoldmanLawGroup

William is a Senior IP counsel at Goldman Law Group, acquiring first-hand experience in the entertainment industry, business, and branding as the founder of several successful startups. He advises creative business clients, both established and early-stage, graphic designers, advertising agencies, and other attorneys/law firms.

"From a legal perspective, under U.S. law, copyright exists in the underlying work if..."

It's considered original and fixed in a tangible medium of expression. For instance, paint arranged on canvas could be considered a copyrightable work. However, minting the same as an NFT simply encodes the data on the blockchain as an electronic certificate of authenticity and automatic, smart contract. In fact, on most platforms, the purchaser can only sell or transfer the NFT to others while the author reserves all rights in the underlying work, including reproduction rights, public display rights, distribution rights, and rights to derivative works.

Of course, this creates a host of new legal issues. Courts are now retroactively attempting to fit this technology within the framework of existing IP case law. Specific legislation will also likely be introduced, as we've seen in the past with the advent of other cutting-edge innovations. Meanwhile, enterprising businesses and individuals will continue testing the boundaries of what is legally acceptable in this rapidly-emerging digital frontier.

Terrance Blau

Terry Blau is a technologist and blockchain evangelist. As a data scientist and AI researcher, Terry has led projects funded by DARPA and the NSF. Currently, he is the Technical Operations Lead at Blockchainsure, where he develops deep neural networks for dynamically-priced insurance contracts.

"IP ownership is hotly debated in the blockchain community..."

Libertarian-leaning maximalists tend to hate IP claims and push for open standards for everything. Others are the opposite, filing copyright, trademark, and patent claims in the U.S. and elsewhere. But going after infringers is difficult since the blockchain community is a global network. If someone copies and resells your NFT jpeg but lives in another country that doesn't recognize judgments from your courts, how do you go about stopping that?

There are some sophisticated technologies you can deploy to uniquely mark specific files that are associated with specific NFTs, and that may be part of the next generation of NFTs in the marketplace. It still doesn't solve the enforcement issue, but it can make it clear whether a particular jpeg file is original or not, which is part of the overall perceived value of any NFT.

Laura J. Winston

@LauraWinston

Laura J. Winston is the chair of the Intellectual Property Group at Offit Kurman, P.A. Laura's law practice focuses primarily in the areas of trademarks, copyrights, and the internet, representing U.S.-based and international clients, from individual business owners and small startup ventures to established publicly traded companies.

"If you're thinking of minting NFTs (and who isn't these days), there are IP considerations both for..."

Protecting your rights and avoiding infringement of others' rights. An NFT can be subject to IP protection similarly to more traditional assets — for example, an NFT containing original artwork and/or written content is subject to copyright protection. In order to be able to assert those rights against a copycat, it is necessary to register the copyright for your NFTs with the U.S. Copyright Office. NFTs that are sold under a particular brand are goods subject to trademark protection, and those brands will have better protection if registered as trademarks in the U.S. and other jurisdictions. Many have already done so — there are more than 4,000 U.S. trademark filings for non-fungible tokens.

Lookout and Fortra Partner to Secure Sensitive Data Across the Enterprise

Editor’s Note: This blog post was co-authored by Clayton Barnard, Senior Director, Global Alliances at Lookout, and Corey Markell, Associate Director, Strategic Resource Group at Fortra.

The first steps for any organization in creating a data security strategy are accurately identifying all of their sensitive information and securing that data from...