Aug 26, 2021
3 min read
4 Ways to See if You Are at Risk of a Vendor…
Recent supply chain attacks such as Kaseya, Accellion and SolarWinds have illustrated that when it comes to vendor breaches, it’s not if, but when. While it’s impossible to predict cyberattacks, there are key steps that you can take with your vendors to determine if you might be at risk. Here are 4 key strategies: 1. Monitor security posture It’s important...
Jul 06, 2021
4 min read
What You Need to Know About the Kaseya VSA Supply Chain Attack
As if the SolarWinds attack wasn’t enough to shake things up for organizations, the recent Kaseya VSA supply chain attack is likely to affect thousands of businesses. Here’s what you need to know. What Happened? On Friday, July 2nd, leading into a holiday weekend in the US, it was discovered that the REvil ransomware group had exploited a vulnerability in...
Jun 03, 2021
3 min read
What the Cybersecurity Executive Order Means for Software Supply Chain Security
Here’s what to expect and what you can do. Recently, President Biden signed the much-anticipated Executive Order (EO) on cybersecurity, which declared that the “prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” The EO is clearly intended to address the issues that resulted in recent major cyber incidents such...
Feb 25, 2021
6 min read
Can You Predict or Prevent a Breach Like SolarWinds?
I have spent thousands of hours for more than a decade answering a range of cybersecurity questions from people around the globe. However, in the past couple of months, I have been inundated with one single question: Could the SolarWinds third-party security breach have been predicted or prevented? What they—and thousands of other companies—are really wondering following the infamous breach...
Jan 27, 2021
4 min read
How the NIST Cybersecurity Framework Helps You Respond to a Vendor Breach
As if we didn’t have enough to think about when it comes to our own organization’s security posture, we also have to consider the cybersecurity of companies we do business with—our third parties (and their third parties). Even when you’ve done everything you can to reduce the inherent risks of working with other companies, by bringing them into alignment with...
Dec 23, 2020
4 min read
5 Important Takeaways from the SolarWinds Supply Chain Attack
By now, you’ve heard about the massive security breach at IT management company SolarWinds, one of the most significant supply chain attacks in recent history. Now that we’ve gotten some distance from the event, we wanted to recap what happened and what you can do in the future. SolarWinds was compromised when hackers, believed to be Russian, inserted malware into...
Oct 14, 2020
3 min read
Securing Your Suppliers: Building the Right Password Policy
Organizations rely on passwords to ensure security. Yet according to Verizon’s 2020 Data Breach Investigations Report (DBIR), over 80% of hacking-related breaches involve the use of lost or stolen credentials. The problem has only gotten worse in the wake of coronavirus, when businesses have been forced to require their employees to work from home. This sudden need for increased remote...
May 04, 2020
4 min read
5 Cloud Security Alliance Working Groups to Consider Joining
Founded in 2008, the Cloud Security Alliance defines standards, certifications and best practices to help ensure a secure cloud computing environment. It has over 80,000 members worldwide, and offers working groups across 31 domains of cloud security. These groups include participants from CSA’s diverse membership and provide the opportunity to participate in research initiatives with like-minded professionals. What are some...
Apr 21, 2020
3 min read
3 Reasons Why Your Organization Should Perform an Enterprise Cybersecurity Risk Assessment
While it’s important to assess the cybersecurity of your third parties, there’s another crucial process that every organization should consider: An enterprise cybersecurity risk assessment, which provides an external view of your organization’s attack surface along with verification of internal security controls. Here are three key reasons why: Changing Times The cyber world is incredibly dynamic. Since new technologies are...
Mar 08, 2020
5 min read
The Cybersecurity Ripple Effect of the Coronavirus
Coronavirus is affecting the economy, global supply chains, human and workforce behaviors. Many companies are now adopting work-from-home practices: Twitter, Amazon, Microsoft, Okta and more have already advised their employees to work remotely, and undoubtedly this list will continue to grow. These difficult times have introduced not just IT and company culture challenges, but also a ripple effect of cybersecurity...
Popular Posts
Nov 26, 2019
3 min read
3 Key Points About CCPA
What is CCPA? The California Consumer Privacy Act (AB 375), which will go into effect on January 1, 2020, is expected to significantly strengthen data collection and privacy in the USA. Similar to the way the General Data Protection Regulation (GDPR) defined data privacy in Europe, the CCPA regulation is expected to set the standard for data privacy in...
May 08, 2019
3 min read
3 Reasons Why Enterprises Hate Security Questionnaires
It’s not hard to understand why security questionnaires are necessary. Because regulations like GDPR and NYDFS are holding businesses accountable for their third parties’ cybersecurity, it’s important for enterprises to assess and continuously monitor all vendors, suppliers and business partners. And the initial vetting of any third parties typically begins with a comprehensive security questionnaire to evaluate cyber posture. (more…)