Vendor risk management (VRM) deals with the management and monitoring of risks resulting from third-party vendors and suppliers of information technology (IT) products and services. VRM programs are concerned with ensuring third-party products, IT vendors and service providers do not result in business disruption or financial and reputational damage.

What if your job was to break things repeatedly in order to make them work better? Sounds like the dream of every curious six-year old, but it’s actually an emerging software engineering trend based in the transition from devops to devsecops. It’s designed to test systematic limitations with the goal of improving security and performance under any circumstances. The term is chaos engineering.

Ransomware isn’t a new phenomenon, but it’s effects are starting to be felt more widely, and more deeply than ever before. Behemoths like Sony, Nissan, FedEx, Kraft Foods and Deutsche Bank have all been hit in recent years, and the list is growing. The ongoing saga of the ransomware attack in Baltimore, MD has left citizens unable to pay parking tickets or finalize property sales. American small businesses may bear the brunt of the impact of ransomware’s global spread.

With cybercrime on the rise, companies are always looking for new ways to ensure they are protected. What better way to beat the hackers than to have those same hackers work FOR you. Over the past few years, corporations have turned to Bug Bounty programs as an alternative way to discover software and configuration errors that would’ve otherwise slipped through the cracks.

Gone are the days when being a CISO (or even just ‘the security guy’) was about actual information security or IT security. Even the term IT security is outdated now, as it emphasizes a one-dimensional view of what security is really about. However, I digress…

Cloud computing has transformed the IT industry, as services can now be deployed in a fraction of the time that it used to take. Scalable computing solutions have spawned large cloud computing companies such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure.

Digital transformation is creating rapidly growing volumes of data, leading to new vulnerabilities and attack vectors. At the same time, adversaries are growing increasingly more sophisticated – consider the recent Capital One breach, or the Equifax breach. This combination of factors means SOCs are struggling to fulfill their critical mission of identifying and eliminating threats.

Every thirty seconds, a phishing attack occurs somewhere in the world. That comes down to 120 attacks per hour. Industry research doesn’t just show that phishing is incredibly common, but also highlights how costly it is, with losses from a single attack averaging $8,850. This means that every hour, $1,062,000(!) is lost to phishing. Even though this makes phishing a massive threat to companies, a recent report shows that over one third (35%) of employees don’t even know what it is.