Feb 25, 2021 6 min read
Can You Predict or Prevent a Breach Like SolarWinds?
I have spent thousands of hours for more than a decade answering a range of cybersecurity questions from people around the globe. However, in the past couple of months, I have been inundated with one single question: Could the SolarWinds third-party security breach have been predicted or prevented? What they—and thousands of other companies—are really wondering following the infamous breach...
Jan 27, 2021 4 min read
How the NIST Cybersecurity Framework Helps You Respond to a Vendor Breach
As if we didn’t have enough to think about when it comes to our own organization’s security posture, we also have to consider the cybersecurity of companies we do business with—our third parties (and their third parties). Even when you’ve done everything you can to reduce the inherent risks of working with other companies, by bringing them into alignment with...
Dec 23, 2020 4 min read
5 Important Takeaways from the SolarWinds Supply Chain Attack
By now, you’ve heard about the massive security breach at IT management company SolarWinds, one of the most significant supply chain attacks in recent history. Now that we’ve gotten some distance from the event, we wanted to recap what happened and what you can do in the future. SolarWinds was compromised when hackers, believed to be Russian, inserted malware into...
Oct 14, 2020 3 min read
Securing Your Suppliers: Building the Right Password Policy
Organizations rely on passwords to ensure security. Yet according to Verizon’s 2020 Data Breach Investigations Report (DBIR), over 80% of hacking-related breaches involve the use of lost or stolen credentials. The problem has only gotten worse in the wake of coronavirus, when businesses have been forced to require their employees to work from home. This sudden need for increased remote...
May 04, 2020 4 min read
5 Cloud Security Alliance Working Groups to Consider Joining
Founded in 2008, the Cloud Security Alliance defines standards, certifications and best practices to help ensure a secure cloud computing environment. It has over 80,000 members worldwide, and offers working groups across 31 domains of cloud security. These groups include participants from CSA’s diverse membership and provide the opportunity to participate in research initiatives with like-minded professionals. What are some...
Apr 21, 2020 3 min read
3 Reasons Why Your Organization Should Perform an Enterprise Cybersecurity Risk Assessment
While it’s important to assess the cybersecurity of your third parties, there’s another crucial process that every organization should consider: An enterprise cybersecurity risk assessment, which provides an external view of your organization’s attack surface along with verification of internal security controls. Here are three key reasons why: Changing Times The cyber world is incredibly dynamic. Since new technologies are...
Mar 08, 2020 5 min read
The Cybersecurity Ripple Effect of the Coronavirus
Coronavirus is affecting the economy, global supply chains, human and workforce behaviors. Many companies are now adopting work-from-home practices: Twitter, Amazon, Microsoft, Okta and more have already advised their employees to work remotely, and undoubtedly this list will continue to grow. These difficult times have introduced not just IT and company culture challenges, but also a ripple effect of cybersecurity...
Oct 17, 2019 3 min read
Tips for Your Vendor Security: Building the Right Password Policy
Organizations still rely on passwords to ensure security, and so having secure passwords has never been more important. That’s why this subject is worth revisiting in honor of National Cybersecurity Awareness Month (NCSAM).
Oct 08, 2019 3 min read
Tips for Your Vendor Security: How to Prevent Phishing Attacks
Phishing is an attempt to deceive a victim in order to gain access to confidential information and/or distribute infected files. Even with the latest technologies that prevent many phishing emails from reaching inboxes, and even with the right training and procedures, phishing attacks accounted for nearly one-third of data breaches in 2018.
Nov 26, 2019 3 min read
3 Key Points About CCPA
What is CCPA? The California Consumer Privacy Act (AB 375), which will go into effect on January 1, 2020, is expected to significantly strengthen data collection and privacy in the USA. Similar to the way the General Data Protection Regulation (GDPR) defined data privacy in Europe, the CCPA regulation is expected to set the standard for data privacy in...
May 08, 2019 3 min read
3 Reasons Why Enterprises Hate Security Questionnaires
It’s not hard to understand why security questionnaires are necessary. Because regulations like GDPR and NYDFS are holding businesses accountable for their third parties’ cybersecurity, it’s important for enterprises to assess and continuously monitor all vendors, suppliers and business partners. And the initial vetting of any third parties typically begins with a comprehensive security questionnaire to evaluate cyber posture.