Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The reliance on third-party vendors for diverse services has become a norm in 2023. However, this dependence brings with it the need for a heightened focus on the cybersecurity posture of these external partners. It’s imperative for businesses to meticulously assess the cybersecurity risks and compliance levels of their vendors to safeguard against potential vulnerabilities that could impact their operations.

The risk of data breaches has become an omnipresent concern for businesses and organizations. And as technology continues to evolve, so do the tactics of cybercriminals. One critical aspect of cybersecurity strategy involves preparing for and responding to third-party data breaches. A well-constructed response playbook is indispensable in mitigating the potential damages and ensuring a swift recovery.

‍We are thrilled to welcome Bob Lyle to Riscosity as our Chief Revenue Officer. Bob is an accomplished executive with extensive GTM experience in scaling software and security companies. He will be responsible for the planning, development, and global execution of our revenue strategy as we continue to evolve our business.

‍ The US Securities and Exchange Commission's complaint against SolarWinds and its Chief Information Security Officer (CISO) Tim Brown has sent shockwaves through the cybersecurity community. Solarwinds and Brown have been accused of fraud, the details of which can be found in an extensive 68-page document. ‍ This complaint, in itself a bold move, has been particularly jolting to cyber professionals given the SEC’s July 2023 regulations.

More than two years after the major U.S. pipeline ransomware incident, the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has released a new report revealing that 90% of the largest global energy companies have experienced a third-party breach in the past 12 months. This research highlights the uphill battle faced by the energy industry in combating emerging threats across the supply chain.

Do you know what percentage of your vendors are at higher risk of ransomware attack? Can you drill-in to see exactly who? Or more importantly, why? Or how effective your vendor program has been in reducing risk to the business over the last 12 months? In the ever-connected world of partners and suppliers, vendors and even more vendors, the line between ‘their risk’ and ‘your risk’ disappeared. And what security and compliance teams need more of is not more data, but insights.

On November 25, the U.S. municipal water authority in Aliquippa, Pennsylvania confirmed that one of its booster stations had suffered an attack by a threat actor group that supports Iranian geopolitical interests. The attack by a cyber group known as CyberAv3ngers compromised a programmable logic controller (PLC) for a water pressure monitoring and regulation system. Officials, however, have made it clear that the incident did not threaten local drinking water or water supplies.

In today’s interconnected business environment, third-party partnerships are essential for growth and operational efficiency. However, these collaborations bring inherent risks, especially in the realm of cybersecurity. Effective third-party risk management is crucial for safeguarding sensitive data and maintaining business continuity.

In an era where businesses are increasingly reliant on third-party vendors for essential services, the significance of a resilient third-party risk management program cannot be overstated. Third-party partnerships can expose organizations to various risks, especially in the domain of cybersecurity. This guide aims to help businesses in building a robust third-party risk management program that is adaptable to the ever-evolving landscape of cyber threats and dynamic business needs.