A third-party risk assessment is an analysis of the risk introduced to your organization via third-party relationships along the supply chain. Those third parties can include vendors, service providers, software providers and other suppliers. Risks to be considered include security, business continuity, privacy, and reputation harm; as well as the risk that regulatory compliance obligations might force you to stop working with a party until its issues are addressed.

One of the most worrisome trends in cybersecurity today is the skyrocketing incidence of supply chain attacks, such as the ones that hit SolarWinds last year and Kaseya more recently. Because they focus on compromising software development and delivery, supply chain attacks have forced developers and DevOps teams to scramble for solutions. Unfortunately, supply chain attacks are particularly challenging to prevent, detect and remediate, and, because of their stealthy nature, are often devastating.

In a world of automation, computers and the data on them have become the backbone of many organizations. But data is a double-edged sword. It can be leveraged by organizations to improve operations, but in the wrong hands, it can be a deadly weapon for hackers. So how do organizations ensure their data is safe?

Almost all tasks within a Linux system, whether it’s an application, system daemon, or certain types of user activity, are executed by one or more processes . This means that monitoring processes is key to detecting potentially malicious activity in your systems, such as the creation of unexpected web shells or other utilities.

U.S. President Joe Biden is under pressure to take a stand against a relentless pace of cybersecurity attacks. Russian-speaking hackers have claimed accountability for a recent ransomware assault on IT management software provider Kaseya VSA. The group of Russian threat actors also referred to as the Revil Group, launched a bombshell supply-chain hit during the weekend of July 4th, 2021 against Kaseya VSA and multiple managed service providers.

Not only has cloud native transformed the velocity in which organizations execute and maintain business operations, but it has also redefined storage, network and compute. From the infrastructure that IT operations maintains, to the applications that supply customers with the ability to interact with their data—DevOps teams have to deliver more services than ever, and they have to do it fast, with little to no error. Easy, right?

In most companies today, there is a critical divide between the Chief of Information Security (CISO) and their board of directors. Our new book, The Perfect Scorecard: Getting an ‘A’ in Cybersecurity from your Board of Directors , is an attempt to close that gap. The Perfect Scorecard features insights from 17 leading CISOs and executives known for their leadership skills and their ability to communicate across roles and sectors.

The Forrester Wave™ Software Composition Analysis, Q3 2021 report states that open source components made up 75% of all code bases in 2020. This is more than double the 36% in 2015. As organizations increasingly rely on external components to quickly add functionality to their own proprietary solutions, they take on greater risk, especially considering these open source components may contain unmitigated vulnerabilities or violate organizations’ compliance policies.