Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your security questionnaire workflow is the litmus test for the efficiency of your overall Vendor Risk Management program. If this pipeline gets congested, all of the VRM processes, depending on it, get disrupted, which impacts your security posture and heightens your risk of suffering a third-party data breach.

The Hypertext Transfer Protocol (HTTP) and the Hypertext Transfer Protocol Secure (HTTPS) are data communication protocols for the internet. HTTPS uses encryption algorithms for secure data transfer. Without encrypted communications, information transfer is not protected and sensitive data becomes vulnerable to attackers. This article includes a brief overview of HTTPS, as well as actions you can take to ensure that you have set up HTTPS redirection for your website.

In recent years, vendor risk management (VRM) has become a complicated practice as businesses aim to scale and manage potentially hundreds or thousands of vendors. With more vendors, cybersecurity risk is introduced, necessitating software and other digital solutions to adequately manage these vendors. The role of software in vendor risk management products is more important than ever now and moving forward.

Whether you’re a large or small business, the cybersecurity framework by the National Institute of Standards and Technology (a federal agency of the U.S. Department of Commerce) offers an efficient roadmap to an improved cybersecurity posture. Compared to other popular cyber frameworks, like ISO 27001, NIST CSF is more effective at mitigating data breaches, especially during the initial stages of implementing a cyber risk management program.

The European Union introduced the EU Cybersecurity Act to boost cybersecurity measures and cyber resilience across EU member states. With a digitally connected Union, having consistent regulations for cybersecurity measures across member states is vital in protecting against cyber attacks.

Whenever an organization outsources part of its business process to an outside party, it introduces various risks to the primary organization. Third-party risk management refers to how organizations address and mitigate security risks across their entire library of vendors and suppliers. Unfortunately, third-party risk exposure can be difficult to manage and comes with many challenges organizations must address for an effective third-party risk management program.

CISA added CVE-2023-24489 to the Known Exploited Vulnerabilities Catalog in August 2023. CVE-2023-24489 is an access control vulnerability impacting the use of Citrix ShareFile StorageZones Controller version 5.11.24 and below. Citrix ShareFile is a real-time collaboration platform. While ShareFile primarily offers a cloud-based file-sharing application, there are some features that accommodate data storage through the use of a storage zone controller.

Your website or application must be set up within communications networks in order to be accessible to users. Each connection point to an external environment is a possible attack vector that makes up your attack surface. In order to encrypt traffic between your site and your users, you can set your system up with an SSL certificate that uses SSL/TLS protocols to secure traffic.

According to the Bank for International Settlements, the financial sector is most targeted by hackers, after the healthcare sector. Finance businesses handle and manage large amounts of financial data, making them prime targets for cybercriminals. According to the Financial Stability Board, a serious cyber incident could destabilize financial systems, impacting critical infrastructure and the economy.