Third-Party Risk in Cybersecurity Exemplified by North Korea’s Stealing of US War Plans

Third-party risk (or nth-party risk) is a hot topic in cybersecurity. While it can mean many things, at its core third-party risk describes a situation in which an organization that does a good job of protecting its own network and data, within its environment, works with other organizations that do not do such a good job and those organizations (third-parties or nth-parties), through their weaker security practices, put the first party’s network and data at risk.

This past week we learned that the North Koreans stole the United States’ war plans for battle with North Korea. How did they do this? By cyber attack — not on the United States, which likely had the plans fairly well secured — but by cyberattack against the United States’ “partner” in this endeavor, the South Koreans, with whom the US had shared its plans. Read more about the attack here: ‘Ridiculous Mistake’ Let North Korea Steal Secret U.S. War Plans

This is a classic example of cybersecurity third-party risk and one every business should understand — just ask Target about it’s HVAC vendor, Fazio Mechanical. If you’re interested in learning more about these concepts, take a look at a recent checklist I created: Managing Third-Party Risk in Cybersecurity

2 thoughts on “Third-Party Risk in Cybersecurity Exemplified by North Korea’s Stealing of US War Plans

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s