Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

Terry Davis / August 5, 2022

Lions and Tigers and Bears…OH MY!!!!

Is nothing sacred anymore? Now the Louisville Zoo membership information has been breached!
A third-party vendor that the Louisville Zoo uses to send out emails to its patrons was hacked. This is an example of a supply chain cyber attack. (That is when a vendor/partner has legitimate access to a client’s information systems and a cyber threat actor uses that access to execute an attack, steal data, or launch a ransomware attack.)
According to the press release from the Zoo, the information maintained on the hacked system included names, email addresses, physical addresses, membership numbers, and membership levels. They reassured patrons that no sensitive information (i.e., payment card information) was stored with the service.
While it may seem that the information obtained is not that dangerous, consider for a moment that the information is enough for a threat actor to reach out via email, text or phone call representing themselves as a zoo official asking for payment information, social security number, birthday, etc.
Not only is this an example of supply chain dangers, it should also be a wake-up call for any non-profit or membership-based organization.
For any organization that depends on donations, membership dues, sponsorships, etc., the marketing strategy depends largely on an emotional connection with your members. They believe in your cause. They trust in your work to do good things. And they trust that the support they send is used for those good works.
A breach of data is also a breach of trust. Even though a third-party intrusion is not technically the fault of your team, it is your organization’s name on the press release. It was your organization that utilized that vendor, and the information was data you collected.
What can you do? Implement Vendor Risk Management policies and procedures. Use due diligence to ensure your vendors are well vetted and are implementing proper cyber security procedures. And ensure your organization does as well.
CYBER NEWS
FEMA warns emergency alert systems could be hacked to transmit fake messages unless software is updated
Vulnerabilities in software that TV and radio networks around the country use to transmit emergency alerts could allow a hacker to broadcast fake messages over the alert system, a Federal Emergency Management Agency official tells CNN.
edition.cnn.com
One in five data breaches due to software supply chain compromise, IBM report warns
Attack vector cost businesses 2.5% more in one year
portswigger.net
Aetna Reports 326,000 Affected by Mailing Vendor Hack
Health insurer Aetna ACE reported to federal regulators a health data breach affecting nearly 326,000 individuals tied to an apparent ransomware incident involving
www.bankinfosecurity.com
70% of Cyberattacks Are Ransomware and Business Email Compromise
Ransomware attacks were also among the top reported attacks in the last 12 months, with 7 industries considered most at risk.
tech.co
TIP OF THE WEEK
Protecting Your Digital Supply Chain
As the world becomes more interconnected and services are delivered digitally, cyber threats from third-party vendors are increasing. In a 2022 study by the Ponemon Institute, 56% of organizations had experienced a cyber breach from a third-party vendor.
Here are some steps to improve cyber security in your supply chain:
Ensure your own house is in order. That is, ensure your security is up to date and that your personnel are well-trained and cyber smart. If they see something awry, they should feel empowered to take action and know what that action should be.
Enact a policy of least privilege, limiting access to only what a vendor (or your employees) needs for their specific function. Then, if a cyber breach occurs, the threat actor can only access what the user has permission to access.
Use segmentation. That is, ensure that not everything in your system is on the same network. That way, if a breach occurs in one area of your organization, the intruder cannot access more sensitive or critical data because it is segmented or “walled off” from the infiltrated area.
Conduct regular vulnerability scans and pen-testing to check for new areas of weakness and for the ability to penetrate your systems from the outside.
VOCABULARY WORD
Supply Chain Attack: When an unauthorized person gains access to your system via an outside partner or provider that has legitimate access to your system.
TWEET OF THE WEEK

Commonwealth Sentinel
@CwealthSentinel

9 tips to prevent phishing https://t.co/itCToDUWpH https://t.co/kIf5QjG4jx
6:33 PM – 25 Jul 2022
