
Jun 12, 2022
4 min read
Why You Need Vendor Risk Management Software in 2022
Why Is Vendor Risk Management Important? You’ve taken all the necessary steps to protect your data and systems from cyberattacks. That’s good. But it’s not enough. Today more than ever you also have to be concerned about security in all of your third parties, like contractors, consultants, vendors and suppliers, that you rely on to create, produce and deliver your...
Jun 06, 2022
4 min read
Responding to the Atlassian Vulnerability
On June 2nd, 2022, Atlassian announced a critical zero-day vulnerability caught in its Confluence Server and Data Center. This post will explain everything you need to know, from how to tell if you’re vulnerable to how to patch. Be sure to check back or sign up for updates for the latest on cybersecurity events and risks. What is impacted? Atlassian...

May 02, 2022
4 min read
5 Best Practices for Protecting Sensitive Information Shared with Your Third Parties
When you work with third parties, you often allow them access to your systems, including what could be your customers’ private information such as PHI (protected health information) or PII (personally identifiable information). Your customer’s social security number, financial account number and credit card number are just a few examples of PII. That information might be secure in your own...

Apr 18, 2022
4 min read
Responding to the GitHub Breach
On April 15th, 2022, GitHub, a ubiquitous software development host owned by Microsoft, suffered a third-party breach. This post will tell you everything you need to know—from how to tell if you’re exposed, to how to respond and try to mitigate your risk exposure. What happened? GitHub provides its customers with code repositories that hold all of their public...

Apr 07, 2022
4 min read
What You Need to Know About Third-Party Security Requirements and Why
If you’re like most companies, you want to do business with vendors because they simplify your life. That is, unless your vendors are breached. Then they complicate, and may even threaten, your business. Why does this happen? And what, if anything, can you do to prevent this from happening? What does your vendors’ security have to do with you? When...

Mar 29, 2022
4 min read
Responding to the Okta Breach
By now, you've probably heard about the Okta breach by the malicious hacker group Lapsus$. Here’s everything you need to know—from how to tell if you’re exposed, to how to respond and try to mitigate your risk exposure. Okta, a leading provider of Authentication Services and Identity and Access Management (IAM) solutions, says it is investigating claims of a data...

Mar 24, 2022
2 min read
How To Know Which Questions to Include in Security Questionnaires
Now, more than ever, managing third-party security risk is critical. And one of the ways to manage this type of third-party risk is through vendor security questionnaires. That being said, third-party vendors notoriously hate questionnaires. They complain incessantly about needing to answer tens, if not hundreds, of security questions. They are especially frustrated if the questions being asked are not...


Mar 03, 2022
2 min read
Finding a Common Language for Continuous Monitoring
Why we are proud to help create and support Shared Assessments’ Unified Third Party Cybersecurity Taxonomy for Continuous Monitoring Today’s cybersecurity landscape continues to evolve at a frenetic pace. Whether driven by pandemic-induced remote work and digital transformation, by increasing sophistication and relentlessness of bad actors, or by any of a plethora of causes, yesterday’s practices can quickly become outdated....
Popular Posts

Feb 10, 2022
1 min read
The Most Common Third-Party Cyber Gaps Revealed
As organizations increasingly rely on third-party vendors to provide essential services, they also become more vulnerable to vendor-related cybersecurity risks. A recent study by Forrester found that nearly 60% of companies experienced a data breach due to a third-party vendor in the past year. But what are the most common vendor cyber gaps that organizations should be aware of?...

Aug 26, 2021
3 min read
4 Ways to See if You Are at Risk of a Vendor…
Recent supply chain attacks such as Kaseya, Accellion and SolarWinds have illustrated that when it comes to vendor breaches, it’s not if, but when. While it’s impossible to predict cyberattacks, there are key steps that you can take with your vendors to determine if you might be at risk. Here are 4 key strategies: 1. Monitor security posture It’s important...

Jan 03, 2022
3 min read
5 Resolutions for Reducing Third-Party Cyber Risk in 2022
If there’s one thing we’ve all learned, it’s that supply chain attacks are not going away anytime soon. Last year, we saw major cyber incidents involving Accellion, Kaseya, Codecov and others; next year, there will certainly be more. To help prevent and respond to similar cyber incidents, it’s essential to consider how best to reduce third-party risk. How can this...