Stolen internal documents from Pentagon contractor Leidos leaked online
Thursday, July 25, 2024
The company’s customers include the U.S. Department of Defense, the Department of Homeland Security, the National Aeronautics and Space Administration and various other government bodies and commercial customers. Notably, the company was recently awarded a $476 million contract with NASA to provide cargo mission engineering and integration services for the International Space Station and NASA’s Artemis program.
Dr. Ilia Kolochenko, chief executive officer at security company ImmuniWeb SA and adjunct professor of cybersecurity and cyber law at Capital Technology University, told SiliconANGLE that in light of the recent drama around CrowdStrike Holdings Inc., this new case illustrates fundamental flaws with third-party risk management.
“While some large companies and governmental agencies take third-party risk management extremely seriously, they still fail to adequately mitigate the root cause of the problem,” Kolochenko said. “Worse, some TPRM programs indistinctively impose costly and time-consuming due diligence on most vendors, without considering vendor-specific risks, threats and vendor’s overall trustworthiness. Eventually, the one-size-fits-all approach miserably fails, and despite sometimes-draconian risk assessments of vendors and suppliers, numerous foreseeable but unaddressed risks continue triggering massive data breaches.”