Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

An effective third-party risk management (TRPM) program allows organizations to assess potential vulnerabilities and mitigate security risks across their entire ecosystem of vendors and suppliers. If your organization is expanding its third-party ecosystem by relying on partnerships to execute core operations, creating an effective TPRM plan is critical to regulating data risks across your growing attack surface.

TX-RAMP (Texas Risk and Authorization Management Program) is a cybersecurity program that was modeled after the similarly named FedRAMP and StateRAMP programs to ensure that cloud computing services that work with federal or state agencies have adequate security controls in place. TX-RAMP was created by the Texas Department of Information Resources (DIR) to provide a method to review the security measures taken by cloud-based products and services that process and transmit data to Texas state agencies.

With its treasure trove of sensitive information swirling inside vulnerable legacy software, the healthcare industry fits the profile of an almost textbook-perfect cyber attack target. This is why ransomware attacks are so popular within the healthcare sector. Threat actors have very little trouble getting into the industry’s network, and they know the data they compromise is too valuable to end up on the dark web.

With cybercriminals continuously improving their breach tactics, the tech industry can no longer solely rely on point-in-time cyber resilience evaluations like penetration testing. Point-in-time assessments now must be combined with continuous attack surface management for the most comprehensive awareness of data breach risks.

Your site has been configured with a SSL/TLS certificate from a trusted authority, but you're receiving risk findings that say your SSL certificate expired or is expiring. How can that be and what does it mean for your organization's cybersecurity? SSL/TLS certificates provide a critical security layer for your public web systems using the transport layer security (TLS) protocol (and its predecessor secure sockets layer or SSL).

The financial sector is home to the most coveted category of sensitive data amongst cybercriminals - customer financial information. As such, cybercriminals are continuously pounding against the industry’s cyber defenses, often finding their way through. The good news is financial institutions could minimize their data breach risks with the right attack surface management product. To learn which key features to look for in an ideal ASM product optimized for the financial sector, read on.

According to the latest cybersecurity report of CNIL, the French data protection supervisor, France has seen a record of personal data breaches in 2021 — a near 80% increase from 2020. The CNIL carried out strict regulatory measures on French businesses and organizations in 2021, sending 135 formal notices that resulted in €214 million in fines and 18 sanctions. Nine sanctions were for inefficient data security.

Vulnerability disclosure programs (VDPs) are structured frameworks or processes for organizations to document, submit, and report security vulnerabilities to all other relevant organizations. Being ready and able to address vulnerabilities before they become problems is an essential part of any cybersecurity strategy. While VDPs are not currently required by law, the U.S. government encourages vulnerability disclosure programs as a proactive approach to cybersecurity.

The Texas Data Privacy and Security Act (TDPSA) was enacted on June 18, 2023, making Texas the tenth U.S. state to authorize a comprehensive privacy law that protects resident consumers. The TDPSA borrows many statutes from other state privacy laws, mainly the Virginia Consumer Data Protection Act (VCDPA) and the California Consumer Privacy Act (CCPA).

The Cybersecurity Maturity Model Certification (CMMC) is a US Department of Defense (DoD) certification framework that aims to protect sensitive information handled by Defense Industrial Base (DIB) contractors by establishing a set of cybersecurity standards and best practices to follow. DIB partners often handle critical DoD information and other government data to operate, which typically has various levels of sensitivity and classification.