Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Businesses are using more SaaS applications than ever, with an average of 110 apps per organization. This proliferation of third-party applications means increasingly more customer and employee data is handled by external vendors. ‍ Ensuring your third-party vendors are secure by tracking risk, conducting reviews, and responding to issues is a security best practice and compliance requirement. Unfortunately, this process is often a manual — and expensive — one.

The SecurityScorecard team has just returned from an exciting week in San Francisco at RSA Conference 2023. This year’s theme, “Stronger Together,” was meant to encourage collaboration and remind attendees that when it comes to cybersecurity, no one goes it alone. Building on each other’s diverse knowledge and skills is what creates breakthroughs.

Cybercriminals are sneaky. They know that the weakest link in an organization’s cyber defenses is its supply chain. In fact, supply chain attacks are now the avenue of choice for hackers. Consider the facts.

When choosing a supplier to partner with, organizations need to perform their due diligence and assess the cyber risks associated with each particular supplier using risk assessment evaluations. Part of the supplier lifecycle management process includes ensuring that these third parties are meeting minimum security requirements, maintaining strong cybersecurity programs, and adhering to all relevant compliance regulations.

On average, organizations deploy 47 different cybersecurity solutions and technologies. This puts security, IT, and VRM teams in a difficult position, working with various tools that don’t integrate. One-third of organizations identify “non-integration of security tools” as a major roadblock to getting the total value of their investments.

Waves of change are constantly disrupting companies of all sizes around the world, particularly when it comes to cybersecurity. Digital infrastructure keeps expanding, work models constantly change, and the web between businesses gets more and more intertwined. It’s no surprise that CISOs and risk leaders are evolving. A majority of boards now see cyber risk as business risk, so they’re asking hard questions around risk and exposure.

A lack of direct communication with your fourth-party vendors makes tracking their security risks difficult. Thankfully, there are methods of overcoming this issue to help you remain informed of emerging fourth-party risks to help you easily track emerging fourth-party threats within your Fourth-Party Risk Management program. To learn how UpGuard can help you track your fourth-party risk, click here to request a free trial.

We’ve entered the fourth and final week of National Supply Chain Integrity Month, an initiative started by CISA and other government agencies to highlight the importance of securing our nation’s most critical systems and ensuring they stay resilient. I started off the month with a post about maturing your third-party risk management program, and followed that up with two more posts dedicated to securing the small business supply chain and streamlining procurement.

Early 2023 has been characterized by an explosion of Artificial Intelligence (AI) breakthroughs. Image generators and large language models (LLMs) have captured global attention and fundamentally changed the Internet and the nature of modern work. But as AI / Machine Learning (ML) systems now support millions of daily users, has our understanding of the relevant security risks kept pace with this wild rate of adoption?