By now, you've probably heard about the Log4Shell vulnerability. This post will detail everything you need to know—from how to tell if you’re exposed, to how to respond.  What Happened?  Apache Log4j2 is a ubiquitous logging framework (library) used in many open-source Java applications. On December 10th, a critical third-party zero-day exploit in Log4j2 called Log4Shell was discovered. Threat actors...

The past two years have certainly taught us to expect the unexpected. That being said, it behooves us to look at the past to gain invaluable insight into the future. As we reflect on the massive changes that have occurred in our world, Panorays experts weighed in on what cybersecurity issues they see taking precedence in the coming year. 1....

Reading the statistics and poring through articles about recent third-party security breaches may educate you about current cyber dangers, but it won’t actually solve anything. The best way to minimize your risk of third-party cyberattacks is by implementing a comprehensive and efficient Third-Party Security Risk Management (TPSRM) process. But if you’re like many, you are part of a small team...

To avoid costly mistakes, financial institutions such as institutional investors, private equity firms, venture capital firms, mutual funds and underwriters perform a thorough examination of an organization before investing in it. Aside from evaluating things like management, size of market, an organization’s business model and a product’s competitive edge, financial investors also assess the risk level before financially backing any...

Panorays automates, accelerates and scales your third-party security process. But that’s not the only benefit you get from Panorays. Service is an integral component of the value you receive from the Panorays solution. In our mind, they are two sides of the same coin. The Customer Success team at Panorays consists of a diverse group of service oriented, highly trained...

Recent supply chain attacks such as Kaseya, Accellion and SolarWinds have illustrated that when it comes to vendor breaches, it’s not if, but when. While it’s impossible to predict cyberattacks, there are key steps that you can take with your vendors to determine if you might be at risk. Here are 4 key strategies: 1. Monitor security posture It’s important...

Just because financial services is a highly regulated industry doesn’t mean that managing your suppliers needs to be an arduous process. It seems counterintuitive that the same vendors who are supposed to simplify your job and expedite day-to-day processes are also costing you hours, days and months to manage. The process of onboarding, managing and maintaining compliant suppliers is a...

Only half the year is over, but we’ve already experienced some of the most damaging third-party data breaches in history. Such cyber incidents compromise sensitive information belonging to an organization by gaining access through a vendor, business partner or supplier. These security breaches can be disastrous for organizations, leading to hefty regulatory fines, lawsuits and loss of customer loyalty. They...

Are you charged with managing your organization’s third-party security and find yourself manually sorting through spreadsheets, trying to make heads-or-tails of your suppliers’ security questionnaires? Are you frustrated by the weeks or months it takes to onboard a new vendor? Are you concerned that your organization will be the next victim of an expensive third-party cyberattack? Wondering how you’ll ever...

As if the SolarWinds attack wasn’t enough to shake things up for organizations, the recent Kaseya VSA supply chain attack is likely to affect thousands of businesses. Here’s what you need to know. What Happened? On Friday, July 2nd, leading into a holiday weekend in the US, it was discovered that the REvil ransomware group had exploited a vulnerability in...