Blog

If you’re like most companies, you want to do business with vendors because they simplify your life. That is, unless your vendors are breached. Then they complicate, and may even threaten, your business. Why does this happen? And what, if anything, can you do to prevent this from happening? What does your vendors’ security have to do with you? When...

By now, you've probably heard about the Okta breach by the malicious hacker group Lapsus$. Here’s everything you need to know—from how to tell if you’re exposed, to how to respond and try to mitigate your risk exposure. Okta, a leading provider of Authentication Services and Identity and Access Management (IAM) solutions, says it is investigating claims of a data...

Now, more than ever, managing third-party security risk is critical. And one of the ways to manage this type of third-party risk is through vendor security questionnaires. That being said, third-party vendors notoriously hate questionnaires. They complain incessantly about needing to answer tens, if not hundreds, of security questions. They are especially frustrated if the questions being asked are not...

Why we are proud to help create and support Shared Assessments’ Unified Third Party Cybersecurity Taxonomy for Continuous Monitoring Today’s cybersecurity landscape continues to evolve at a frenetic pace. Whether driven by pandemic-induced remote work and digital transformation, by increasing sophistication and relentlessness of bad actors, or by any of a plethora of causes, yesterday’s practices can quickly become outdated....

It is no secret that there is a shortage of skilled cybersecurity professionals. Couple that with COVID, remote and hybrid working, and a rise in security breaches and you’ve got a lot of stressed, overburdened professionals looking for effective solutions to make their jobs easier. Sound familiar? If this resonates with you, it’s fair to say that automating your third-party...

As organizations increasingly rely on third-party vendors to provide essential services, they also become more vulnerable to vendor related cybersecurity risks. A recent study by Forrester found that nearly 60% of companies experienced a data breach due to a third-party vendor in the past year. But what are the most common vendor cyber gaps that organizations should be aware of?...

If there’s one thing we’ve all learned, it’s that supply chain attacks are not going away anytime soon. Last year, we saw major cyber incidents involving Accellion, Kaseya, Codecov and others; next year, there will certainly be more.  To help prevent and respond to similar cyber incidents, it’s essential to consider how best to reduce third-party risk. How can this...

Are security questionnaires your Achilles heel? While there’s no avoiding them in your third-party security risk management process, there are definite ways to make the process smoother, faster and more productive. Tip 1: Be sure your questionnaire considers inherent risk Inherent risk is the risk level your business faces when you do nothing to reduce the likelihood or mitigate the...

By now, you've probably heard about the Log4Shell vulnerability. This post will detail everything you need to know—from how to tell if you’re exposed, to how to respond.  What Happened?  Apache Log4j2 is a ubiquitous logging framework (library) used in many open-source Java applications. On December 10th, a critical third-party zero-day exploit in Log4j2 called Log4Shell was discovered. Threat actors...

The past two years have certainly taught us to expect the unexpected. That being said, it behooves us to look at the past to gain invaluable insight into the future. As we reflect on the massive changes that have occurred in our world, Panorays experts weighed in on what cybersecurity issues they see taking precedence in the coming year. 1....