News of ransomware attacks disrupting supply chains has increased recently. As threat actors disrupt businesses and critical infrastructure, they may appear to be working harder. However, cybercriminals treat ransomware as a business, enabling an underground industry. Ransomware-as-a-Service (RaaS) is a growing underground industry that continues to place sensitive information at risk.
Vendor tiering is the key to a more resilient and sustainable third-party risk management strategy. But like all cybersecurity controls, it must be supported by the proper framework. To learn how to optimize your Vendor Risk Management program to greater efficiency through best vendor tiering practices, read on.
Security teams are struggling to contend with the expanding third-party attack surface which is fueled by the pernicious cycle of poor vendor risk management.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a U.S. federal law meant to protect sensitive electronic protected health information (ePHI). Every healthcare organization (“covered entity”) must comply with its two fundamental rules. In 2013, the U.S. Department of Health and Human Services (HHS) passed the HIPAA Omnibus Final Rule, which expanded compliance requirements to the business associates that also handle ePHI on behalf of covered entities.
Connected devices offer healthcare providers ways to remotely monitor patient health. Additionally, hospitals use these devices for enhanced patient care, including medication delivery and vitals monitoring. However, malicious actors often use unsecured IoMT as part of their attack methodologies.
Understanding your organization’s cybersecurity posture is becoming more important every day. So how do you know how secure your IT infrastructure really is? One way to get a glimpse into your organization’s security is penetration testing: pretending (or hiring someone to pretend) to be a hacker, attempting to infiltrate your organization’s physical and cyber systems however possible.
Cyberattacks against businesses of all sizes are at all-time highs. Data from 2021 and projections for the future of cybersecurity suggest that the frequency and intensity of these attacks will only continue to grow. At the forefront of most cyberattacks in 2020 was ransomware, a type of malicious malware attack where attackers encrypt your organization’s data and demand payment in exchange for a decryption key to restore access.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress in 1996 to prevent medical fraud and to assure the security of protected health information (PHI), such as names, Social Security numbers, medical records, financial information, electronic health transactions and code sets. The law is managed by the U.S. Department of Health & Human Services (HHS).
A network vulnerability assessment is the reviewing and analyzing of an organization’s network infrastructure to find cybersecurity vulnerabilities and network security loopholes. The assessment can be carried out either manually or by using vulnerability analysis software — although the latter is preferred because it’s less susceptible to human error and usually delivers more accurate results.
An audit universe is a document that details all the audit activities to be carried out by the internal audit function. It consists of multiple and distinct auditable entities, processes, and activities, which can be considered “auditable units.” The number of these auditable units varies depending on the organization’s size, business complexity, and operational scale. In some cases they can run into the hundreds or even thousands.
