Trustwave SpiderLabs has put together nine vertical threat reports over the past 12 months, but in its most recent effort, the 2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report, our team of elite researchers delves into one of the broadest and most complicated vertical sectors yet covered.
Professional services differ somewhat from verticals such as healthcare, manufacturing, and retail because they encompass many different business types, ranging from accounting to legal to various consultancies. Each can be attacked in a specific way, which means no single set of security measures is a silver bullet for all of them.
Additional unique factors include:
The 2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies will walk the reader through all the attack types used against professional service organizations, but let’s take a look at one of the most prevalent.
The report covers how threat actors have been successfully attacking third-party vendors. In many cases, this is done to gain access to an organization further up the supply chain.
However, professional services present an interesting dichotomy. Not only are they vulnerable to an attack on their own supply chain, since many use multiple vendors to provide their services, but they are also often part of another organization's supply chain. This fact could make them twice as appealing to the average attacker.
Trustwave SpiderLabs details how third-party software, particularly file transfer services like MOVEit, is a common cause of supply chain breaches in professional services. Later in the report, we’ll highlight several examples where MOVEit vulnerabilities were exploited to access sensitive data at firms like Ernst & Young, Deloitte, PwC, and Kirkland & Ellis. The report also details breaches caused by vulnerabilities in third-party cloud storage platforms and electronic discovery vendors used by professional services firms like Proskauer Rose, Quinn Emanuel, and Goodwin Procter.
To reduce the risk of being hit with a supply chain attack, Trustwave SpiderLabs suggests:
As previously noted, the professional services sector report is the latest in a series researched and published by Trustwave SpiderLabs. Please visit these for an in-depth analysis of the security issues facing each industrial sector:
Please download the 2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies for all the background details on these threats, the groups behind them, and how to properly defend your professional services firm.