Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Third-party risk assessments identify, evaluate, and mitigate potential risks that third-party vendors might introduce into business operations. These processes form the foundation for a proactive risk management program, meeting regulatory requirements while safeguarding organizational assets and preventing reputational damage. Cyber risk assessments help identify any security hazards that could potentially disrupt operations and the supply chain.

A Third-Party risk assessment is a critical component of a Third-Party Risk Management program. Without understanding how to properly execute these assessments, the efficiency of your TPRM program will remain limited. This post provides a detailed six-step guide for performing third-party risk assessments in cybersecurity.

While virtual private networks (VPNs) have been the go-to solution for remote access for decades, the surge in remote work during the pandemic has highlighted the cracks in its armor. Granting unrestricted access to everything stored within a corporate network can quickly become a security nightmare, especially as remote workers continue to rely on an increasing number of devices and access points.

Protecting credentials has become increasingly critical in recent years, with everyday employees using more passwords, devices, and systems than ever before. Remote work has significantly increased the risk of identity attacks. 55% of remote workers say they receive more phishing emails than they used to while working in the office and attempted password attacks are up tenfold. In 2023, Microsoft detected 156,000 business email compromise (BEC) attacks every day over twelve months.

For SaaS applications and cloud service providers (CSPs), maintaining compliance with FedRAMP requirements is critical to the bottom line. It means the difference between working with U.S. government agencies—or not. But as one might expect from a bureaucratic process, getting FedRAMP authorization is complicated and takes time. Before starting the FedRAMP approval process, teams and company leaders must understand the required steps, prepare thoroughly, and muster their patience.

Group Policies are part of every Active Directory. Group Policy (GP) is designed to be able to change every system's configurations, from the least to the most privileged layer. Since it is so fundamental in the network management process, it is also very powerful for attackers to use as an attack vector. Therefore, GPO hardening is necessary to ensure that these policies are secure and not easily exploited by attackers, protecting the integrity and security of the entire network.

As modern digital landscapes house the most dynamic and growing networks, effective IP address management is crucial for maintaining a well-functioning network. However, many network administrators still rely on spreadsheets to track and manage their growing IP address footprint. This approach is not only time-consuming but also prone to misconfigurations, errors, and inefficiencies. This is where IP address management (IPAM) becomes crucial, offering a more robust and reliable solution.

MITRE ATT&CK is an invaluable resource for IT security teams, who can leverage the framework to enhance their cyber threat intelligence, improve threat detection capabilities, plan penetration testing scenarios, and assess cyber threat defenses for gaps in coverage.

Relying on technology alone, however advanced, can be a critical error. While top end security technologies can provide part of the answer, the sheer number of alerts generated demands constant attention. Without the right resources to analyse and manage these outputs, critical alerts may end up being ignored – a constant thorn in the side of many organisations.

Best practices for mitigating various attack vectors are changing depending on the environment and server functionality. CIS baselines cover most of the relevant scenarios by addressing the first stage of your Hardening Windows Server project. CIS Benchmarks -What are They and How to Use Them Microsoft has been doing some work related to default security configuration, but there is still a big gap between security best practices (i.e. common benchmarks) and the default Windows configuration.