Latest News

Updated Fraud Risk Guidance Available

Auditors and other anti-fraud professionals have fresh guidance this week on how to manage fraud risk, with an emphasis on data analytics, internal reporting hotlines, and discussion of how effective fraud risk management can deter fraudsters from trying their schemes in the first place. Said guidance comes from COSO and the Association of Certified Fraud Examiners, who released the document earlier this week.

ATO Attacks: What You Should Know About Protection and Prevention

Among all the cyber attack techniques gaining prominence, account takeover (ATO) attacks are perhaps the most unnerving for businesses. Even though financial institutions seem like an obvious target, e-commerce storefronts and online entertainment platforms are also becoming popular targets. For example, online betting website DraftKings fell victim to an ATO attack in 2022, where the perpetrators made off with $300,000.

CISO Health and Wellness: An Unconventional Solution to a Systemic Challenge

At a swanky steak house on Manhattan’s Upper West Side, I sat with 100 other security professionals in a dimly lit wood-panelled room, its walls lined with photographs of famous and near-famous patrons. Nearly all of us were at least one cocktail into our evening of high gustation, storytelling, and network building. (Old Fashioneds were the drink of choice that evening).

3 Ways "GRC as Usual" Holds You Back

The world of business has changed dramatically over the past few years. Today, it’s more digital and connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level; threat actors are learning and evolving; and cybersecurity has finally become a boardroom priority! Now that you have leadership’s attention — what will you do? If your answer is “GRC as usual,” it may hold you back.

Get Started with SOC 2 for Vendor Risk Management

SOC 2 reports evaluate internal controls to see how well a company identifies, assesses, mitigates, and monitors risks. In the context of third-party risk management (TPRM), a SOC 2 can give you confidence that your critical vendors are following best practices to protect your data. If you’re getting started with SOC 2 for third-party risk management or need an update, this blog has got you covered.

How to Build a Cyber Resilient Framework

Cyber attacks aren’t just on the rise; they are skyrocketing. Incidents of ransomware alone nearly doubled last year. A new study by CrowdStrike finds that ransomware-related data leaks increased by 82% in 2021. Furthermore, ransom demands now average $6.1 million per incident, a 36% increase from 2020. Clearly, reacting to and remediating security threats when they arise is not going to cut it anymore.

Don't Manage Third-Party Risk Alone

New research from the Cyentia Institute found that 98% of organizations do business with a third party that has suffered a breach. The report also found that the average firm has 11 third-party relationships and hundreds of indirect fourth- and nth-party relationships. Bottom line: an expanding attack surface makes companies more prone to cyberattacks.

What is Zero Trust? Everything You Need to Know to Secure Vendor Access

Zero trust is a cybersecurity approach that restricts network access so that only the right people reach the specific information they need, and nothing more. Here’s everything you need to know about the basic principles of Zero Trust and how to apply them to your third-party risk management (TPRM) program to create more secure remote access connections.

Advantages of End-to-End Security

End-to-end security is critical for businesses navigating today’s digital age. The more consumers and businesses communicate and transfer their information online, the more vital it is to keep that shared data confidential and secure. Leaving your endpoints (and the communication traveling between them) unsecured increases the risk that confidential data will land in the hands of malicious actors.