Why Is Vendor Risk Management Important? You‘ve taken all the necessary steps to protect your data and systems from cyberattacks. That’s good. But it’s not enough. Today more than ever you also have to be concerned about security in all of your third parties, like contractors, consultants, vendors and suppliers, that you rely on to create, produce and deliver your...

On June 2nd, 2022, Atlassian announced a critical zero-day vulnerability caught in its Confluence Server and Data Center. This post will explain everything you need to know, from how to tell if you’re vulnerable to how to patch. Be sure to check back or sign up for updates for the latest on cybersecurity events and risks. What is impacted? Atlassian...

When you work with third parties, you often allow them access to your systems, including what could be your customers’ private information such as PHI (protected health information) or PII (personally identifiable information).  Your customer’s social security number, financial account number and credit card number are just a few examples of PII. That information might be secure in your own...

On April 15th, 2022, GitHub, a ubiquitous software development host owned by Microsoft, suffered a third-party breach. This post will tell you everything you need to know— from how to tell if you’re exposed, to how to respond and try to mitigate your risk exposure. What happened? GitHub provides its customers with code repositories that hold all of their public...

If you’re like most companies, you want to do business with vendors because they simplify your life. That is, unless your vendors are breached. Then they complicate, and may even threaten, your business. Why does this happen? And what, if anything, can you do to prevent this from happening? What does your vendors’ security have to do with you? When...

By now, you've probably heard about the Okta breach by the malicious hacker group Lapsus$. Here’s everything you need to know—from how to tell if you’re exposed, to how to respond and try to mitigate your risk exposure. Okta, a leading provider of Authentication Services and Identity and Access Management (IAM) solutions, says it is investigating claims of a data...

Now, more than ever, managing third-party security risk is critical. And one of the ways to manage this type of third-party risk is through vendor security questionnaires. That being said, third-party vendors notoriously hate questionnaires. They complain incessantly about needing to answer tens, if not hundreds, of security questions. They are especially frustrated if the questions being asked are not...

Why we are proud to help create and support Shared Assessments’ Unified Third Party Cybersecurity Taxonomy for Continuous Monitoring Today’s cybersecurity landscape continues to evolve at a frenetic pace. Whether driven by pandemic-induced remote work and digital transformation, by increasing sophistication and relentlessness of bad actors, or by any of a plethora of causes, yesterday’s practices can quickly become outdated....