
What We Learned from the Latest Third-Party Data Breach in the Financial Services Industry

Published by Sabrina Pagnotta on July 30, 2020

This week we learned of a ransomware attack against a vendor of fund administrator SEI Investments Co. This attack exposed the personal information of investors in roughly 100 of its clients, according to The Wall Street Journal. We look at this incident through the lens of third-party risk and how a TPRM program can help prevent a Third-Party Data Breach like this.

The Attack

Attackers infiltrated the corporate systems of M.J. Brunner, a service provider for SEI’s investment dashboard and online enrollment portal, according to the source. As a result, they obtained files from Brunner that contained user names and emails (and in some cases first and last names, physical addresses, and phone numbers) associated with the dashboard.

Among the funds whose investors were impacted by the attack were Angelo Gordon & Co., Graham Capital Management, Fortress Investment Group LLC, Centerbridge Partners, and Pacific Investment Management Co. SEI is a leading fund administrator and investment-management service provider that does business with hedge funds and private-equity funds. As of June 30th, SEI managed $693 billion in client assets.

Minimizing the Third-Party Data Breach Vector

A spokesperson for SEI said the company’s network wasn’t compromised and the attack didn’t exploit any vulnerabilities within its network, adding that they take the security of their clients very seriously. While that can certainly be true, the first step to working with a third party is to ensure they take security just as seriously as you do.

A Third-Party Risk Management Program would ensure the continuous assessment and mitigation of the risk that arises from third-party and subcontractor relationships. This would include asking the following questions:

  • Who are your third-parties and which of them have access to sensitive data?
  • How are you going to categorize your third-parties?
  • How would you rank your third-parties?
  • What are the criteria/requirements for each one of those categories?
  • Who will be involved in the workflow: business owners, legal, procurement, etc.?

The enabler for this sort of strategy is technology. With workflow automation and centralized documentation, a TPRM platform like ThirdPartyTrust will make it easier to work securely with hundreds of third-parties. 

While necessary for business operation, vendors and service providers have emerged as popular targets, as successful attacks can yield access to large amounts of sensitive information or systems. In fact, regulators are growing increasingly concerned about cyber attacks against financial services companies.

The WSJ states that in March, financial-technology provider Finastra suffered an attack that forced it to temporarily take its systems offline. In late December, an attack on Finablr PLC’s foreign-exchange business Travelex shut down its website for weeks, which impacted banks that use its services.

It should also be noted that ransomware – and malware in general – is just one of the risks an organization can be affected by. Other associated risks include:

  • Not being able to confirm if third-parties have had a data breach or cyber attack involving their sensitive and confidential information – In this case, the breached vendor told SEI about the attack in late May, but weeks passed before SEI knew its clients’ information had been leaked, according to the source. 
  • Not being able to determine the number of third-parties with access to confidential information and how many of these are sharing this data with one or more vendors.
  • A lack of confidence in third-parties’ data safeguards, security policies and procedures, and in whether their security posture is sufficient to respond to a data breach or cyber attack.

On top of that, the regulatory landscape of financial services companies is ever evolving. With state, national and international complexities, information security professionals have to stay on their toes to comply.

All of this shows why a third-party risk management (TPRM) program is key to any cybersecurity strategy. There’s no denying that third-party relationships and sharing data have become crucial to business operation, but this also means enterprises need to address a whole new set of problems.


The good news is it’s not hard to do. We believe a network approach is best suited to tackle digital supply chain risk in a streamlined and affordable way. By accessing +17,000 already existing vendor profiles and by inviting new third-parties to the network, organizations can save time in their assessment process while paving the way for further optimization. Redundancies are removed on both ends and time to completion is reduced from months to weeks.

 


 
