Cybersecurity threats are on the rise. Over the past year, we’ve observed a 148% increase in ransomware attacks and an 85% increase in phishing attacks targeting remote users. Worse still, these attacks are growing increasingly sophisticated, with threat actors using eight or more vectors in the same attack, often deploying multiple vectors within minutes of one another.

On July 19, 2021, The Board of Governors for the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) released their proposed interagency guidance around third-party risk management. SecurityScorecard submitted comments in response to the proposal urging the agencies to include the adoption of security ratings to mitigate the cyber risk to financial institutions introduced by third-party vendors and suppliers.

2020 was a landmark year for data breaches. This year will likely be no different. More than 8 billion records were exposed in just the first quarter, a 273 percent jump over the same period from 2019. By the end of Q3 2020, a staggering 36 billion records had been exposed. By end of the year, data breaches had struck high-profile organizations including SolarWinds, Facebook, Microsoft, and the U.S. Department of Defense.

Cyberattackers and hackers try to exploit security vulnerabilities to gain unauthorized access to enterprise networks. Their intentions typically include installing malware, stealing sensitive data, launching supply chain attacks, or engaging in cyber extortion or espionage.

Digital transformation was well underway before the pandemic and in order to enable remote work and e-commerce, organizations have been adding new digital offerings at an unprecedented rate. Businesses are growing increasingly reliant on digital infrastructure with the expectation to secure a shifting cloud while managing a hybrid workforce and a growing IoT.

Global cyberattacks increased by 29 percent in the first half of 2021 compared to 2020, and we can assume that cybercriminals and hackers won’t stop their malware and ransomware attacks any time soon. A strong cybersecurity strategy is vital to reduce losses from those attacks, and a robust incident response plan should be a part of that strategy.

All organizations rely on vendors to function in today’s dynamic landscape while achieving peak operational efficiency, cost-effectiveness, and economies of scale. A growing third-party network can yield significant benefits for organizations — but it also results in greater risk.

According to a Pew survey in 2019, 70 percent of American adults believed at the time that their data was less secure than it had been five years prior. Now consider that a pandemic followed, along with major data breaches at the likes of Microsoft and others. One can safely assume Americans are even less confident about the security of their data today.

Organizations are increasingly concerned about cybersecurity risks and with good reason. Risks are constantly changing; take this last year, for example, the pandemic lockdown meant many knowledge workers went remote, which in turn increased the vulnerability of remote desktop services by 40%, saw criminals targeting end-users, and caused phishing and ransomware scams to boom. And then there’s the bottom line.

ISO 27001 is the most popular internationally recognized standard for managing information security. Its creation was a joint effort between the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC) - this is why the framework is also referred to as ISO/IEC 27001. ISO 27001 can also be implemented into a Third-Party Risk Management program.