
Latest Posts

Why is Cyber Vendor Risk Management (Cyber VRM) Important?

Cyber vendor risk management (Cyber VRM) is the practice of identifying, assessing, and remediating cybersecurity risks that arise specifically from third-party vendors. By combining data from data leak detection, security ratings, and security questionnaires, organizations can use Cyber VRM solutions to build a clearer picture of each vendor's security posture.

Reducing the Impact of Ransomware Attacks (Yes, It's Possible)

Ransomware is a fast-growing category of cybercrime; it's estimated that over 4,000 ransomware attacks occur daily. Given the sheer volume of these attacks and the tightly interconnected attack surfaces that organizations share with their vendors, there is a real chance that some of your employees' credentials have already been exposed in a ransomware incident, meaning the keys to your corporate network could already be published on a ransomware gang's data leak site.

Meeting the SOC 2 Third-Party Requirements

Organizations trust third-party vendors with large volumes of sensitive customer data, and outsourcing is increasing across all industries, including the highly regulated healthcare and financial services sectors. However, service providers don't necessarily implement the same strict data security standards that these organizations do, and cyber attacks targeting third parties are increasing, according to Gartner.

5 Ways Tech Companies Can Prevent Data Breaches

The technology industry has unlocked innovation across all sectors as an enabler of digital transformation. Most organizations are now outsourcing critical operations to tech companies, such as cloud providers. Tech vendors are now left to manage an ever-growing volume of sensitive data, which they must secure effectively to prevent large-scale data breaches. IBM and Ponemon Institute’s 2022 Cost of a Data Breach Report found a record high average breach cost of US$4.35 million.

What Does Triage Mean in Cybersecurity?

In cybersecurity, triage is an incident response approach to identifying, prioritizing, and resolving attacks, threats, and damage within a network. When multiple attacks occur simultaneously, the security team must decide which systems or devices to assess first so it can contain and remediate the incident and protect important devices and data from further damage.

What is OAuth? A Complete Explanation

OAuth (pronounced "oh-auth") is an authorization framework that lets an application request "secure delegated access" to resources held on third-party systems on behalf of the app's user, known as the "resource owner." Simply put, with OAuth, users can grant websites and applications access to their information on other sites without handing over credentials such as passwords. OAuth stands for "Open Authorization".
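To make the delegation idea concrete, here is an added example (not code from the original post) of the two ends of an OAuth 2.0 authorization-code flow with PKCE: the client builds the authorization request, validates the redirect back, and the authorization server later checks the PKCE verifier when the code is redeemed. The endpoint, client ID and redirect URI are hypothetical values chosen for the example; the PKCE arithmetic follows RFC 7636.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical authorization server and client registration (assumptions for this example).
AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth2/authorize"
CLIENT_ID = "photo-printer-app"
REDIRECT_URI = "https://printer.example.net/oauth/callback"


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 requires for PKCE values."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_pkce_verifier() -> str:
    """High-entropy code_verifier: 32 random bytes -> 43 base64url characters."""
    return b64url(secrets.token_bytes(32))


def pkce_challenge(code_verifier: str) -> str:
    """S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorization_url(state: str, code_challenge: str, scopes: list[str]) -> str:
    """Client side: the URL the user's browser is sent to so they can consent.

    No password ever passes through the client; the user authenticates at the
    authorization server and only an authorization code comes back.
    """
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,                     # binds the callback to this browser session
        "code_challenge": code_challenge,   # PKCE: proves the redeemer started the flow
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(callback_url: str, expected_state: str) -> str:
    """Client side: validate the redirect and extract the authorization code."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback did not arrive at the registered redirect URI")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError(f"authorization server returned error: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        # A missing or foreign state means this code was not requested by us: drop it.
        raise ValueError("state mismatch: possible CSRF or login-forgery attempt")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def server_verifies_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization server side, at the token endpoint: only the party that
    generated the verifier can produce one hashing to the stored challenge."""
    return secrets.compare_digest(stored_challenge, pkce_challenge(presented_verifier))


if __name__ == "__main__":
    # Constructed walk-through of the flow with no network involved.
    verifier = new_pkce_verifier()
    state = secrets.token_urlsafe(16)
    print("Send user to:", build_authorization_url(state, pkce_challenge(verifier), ["photos.read"]))
    # Constructed callback as the browser would deliver it after consent.
    callback = f"{REDIRECT_URI}?{urlencode({'code': 'SplxlOBeZQQYbYS6WxSbIA', 'state': state})}"
    code = handle_callback(callback, state)
    print("Got code:", code)
    print("Token endpoint accepts verifier:", server_verifies_pkce(pkce_challenge(verifier), verifier))
```

The `state` check is what stops an attacker from completing a flow they started in the victim's browser, and the PKCE check is what stops a stolen authorization code from being redeemed by anyone but the client that requested it.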

How to Integrate NDAs into the Vendor Risk Management Process

During the Vendor Risk Management process, information is in constant flux. From risk assessments to risk remediation processes, communication involving sensitive security control data continuously flows between an organization and its monitored vendors. If intercepted, this information stream could be used as open source intelligence for a third-party data breach campaign, nullifying the very efforts a VRM program is trying to mitigate.

6 Ways Finance Companies Can Prevent Data Breaches

The financial industry is no stranger to data breaches. Financial institutions have access to millions of personally identifiable information (PII) records, which they must secure to the highest standard. The value of this data is open knowledge – hackers will actively search for existing cybersecurity weaknesses to gain unauthorized access to customers’ financial information.

NIST SP 800-171 Compliance Guide for Colleges & Universities

NIST Special Publication 800-171 (NIST SP 800-171 or NIST 800-171) is a catalog of security requirements for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations. Its requirements are derived from FIPS 200 and the NIST SP 800-53 control catalog rather than from the NIST Cybersecurity Framework, and compliance is mandatory for contractors and other non-government organizations that process, store, or transmit CUI on behalf of federal agencies, for example under DFARS clause 252.204-7012.