What a year it’s been! A global pandemic, economic uncertainty, a surge in cyberattacks and, in many ways, a completely changed world. We are all happy to say goodbye to 2020, and it’s definitely not a year that anyone would choose to repeat. Having said that, we feel fortunate to have helped organizations through some exceptionally difficult times.
Here is a quick recap of 2020.
As we all know, 2020 was the year of a global pandemic, the likes of which we had never seen before in our lifetimes. The world tried to adjust to a new normal of social distancing, quarantine, masks, Zoom etiquette, distance learning and remote work. As demand soared for SaaS collaboration tools, cybercriminals exploited people’s fears and increased phishing and ransomware attacks on a massive scale. In addition to monitoring for these attacks, Panorays rapidly responded to these unprecedented times by creating a new questionnaire to assess third parties’ security readiness for working at home. These questions helped companies assess cybersecurity risk emanating from suppliers that transitioned to remote work.
2. Global Supply Chain Breaches
2020 was a year of disastrous third-party data breaches in many industries. This included Marriott’s exposure of the personal information of 5.2 million guests—its second major data breach in two years—and the devastating breach at cybersecurity firm Portnox. But all of this paled in comparison to what was one of the worst supply chain attacks in history involving IT management company SolarWinds. Throughout the year, Panorays reached out to customers with guidance about how to respond and published valuable takeaways for organizations to implement, such as mapping third parties that may have been affected by a breach and considering potential risk factors.
3. Assessing Vulnerabilities
Panorays tracked third-party cyber gaps in 2020 and discovered that one of the most common was unpatched web servers with severe vulnerabilities, affecting 40% of companies. The reason? Quite possibly, employees working from home were reluctant to patch out of concern about being left without a workstation. In addition, Panorays detected a new common vulnerability in 2020: insufficient security team personnel. This might be the result of significant employee cutbacks caused by COVID-19. Companies can respond by educating themselves about best practices for their industry and company size in order to build a strong security team.
4. Complying with Regulations
Organizations needed to learn about and adapt to many new regulations this year. In 2020, the California Consumer Privacy Act (CCPA) officially took effect, as did the New York Shield Act and the Monetary Authority of Singapore-Technology Risk Management Guidelines (MAS-TRM). Panorays responded by considering these regulations in mapping customized questionnaires. In addition, we created guides to help explain how the regulations applied to third-party security, such as the Regulation Cheat Sheet and The CISO’s Guide to Supplier CCPA Readiness. If you are not sure how these regulations apply to your third parties, we recommend reading them.
5. New Features & Partnerships
In 2020, Panorays began a partnership with the Cloud Security Alliance and advanced the US Chamber of Commerce’s Principles for Fair and Accurate Security Ratings. Panorays also enhanced third-party security for its customers by releasing some advanced new features. They included:
- Integrations with RSA Archer and ServiceNow
- The Cyber Risk Rating
- Standards and regulations reports
- Remediation planning
The bottom line is that we are always listening to customers about what they need to manage and mitigate third-party security risk, and incorporating their feedback into our product roadmap. That’s something that won’t change.
While no one knows what the future will hold, here’s hoping that the coronavirus vaccine will herald a new post-COVID era, with more economic growth and fewer data breaches.
One thing is certain: Whatever 2021 looks like, Panorays will continue to be proactive, innovative and there to help.