The Expert Podcast

 Introduction:
  • In this episode, we delve into the often overlooked vulnerability of government agencies to cyber attacks, particularly through third-party connections.
Case Study: Cyber Attack on a New York County
  • A county in New York experienced a crippling cyber attack targeting its real estate records at the clerk's office.
  • The attack involved file deletion and holding records hostage, disrupting vital operations.
  • Surprisingly, the source of the attack was traced back to a third-party records management vendor.
The Third-Party Vulnerability:
  • Many cyber attacks on government agencies and private sector companies originate from vulnerabilities in their interconnected systems.
  • Government agencies and businesses alike maintain numerous connections to vendors, CRM providers like Salesforce, and other entities for data exchange.
  • Despite robust internal security measures, a single vulnerability in a third party's system can provide hackers with a gateway into the primary system.
Importance of Third-Party Protection:
  • Third-party protection is paramount, whether through cyber insurance, specialized defense systems, or stringent vetting of vendors.
  • Trusting and granting access to third parties on a daily basis increases the risk of indirect vulnerabilities.
Conclusion:
  • The New York County Clerk's Office serves as a stark reminder of the critical importance of understanding and securing third-party connections.
  • By implementing best practices and robust protective measures, government agencies and businesses can fortify themselves against cyber threats originating from third-party vulnerabilities.
 If you have questions or want to delve deeper into today's topics, visit at RiskCoverage.com for additional resources. Until next time, stay insured and stay informed!

What is The Expert Podcast?

The Expert Podcast brings you firsthand narratives from experts across diverse industries, including private investigators, general contractors and builders, insurance agencies, vehicle specialists, lawyers, and many others.

Even government agencies are getting cyberattacks. Here's an example where a county in New York had their real estate records and their clerk's office attacked by a hacker. It deleted files, deleted records, and held them hostage. But if you notice in the article description, the cyber attack was from a third-party records management vendor.

So, this is where a lot of cyber attacks happen—your computer system. Whether you're a government agency or a private sector company, you have connections to many other organizations. You have connections to vendors and to CRM providers, maybe like Salesforce, Google, or Amazon.

You probably have connections to customer or client systems to exchange information, and any one of those could be a method by which a hacker could get into your system. Even if you have the best protections on your system, if one of your vendors, clients, customers, or providers has a vulnerability and the hacker gets in there, they may use that to jump into yours.

This is where third-party protection is extremely important, whether it's through your insurance company, your cyber insurer, or a cyber defense system. The third party is vulnerable because you trust and give access to third parties all the time on a daily basis.

And if that third party isn't secure, which you'll never know, you might have a vulnerability yourself by proxy. This is an example of a of a government agency; their county clerk was basically shut down because of a hack, and it didn't go directly to the government; it came through a third party.

So be aware of what connections you have and what the best practices are to prevent that from happening in your business.