On August 27, 2021, the US House Homeland Security Committee released a draft bill that would update the Homeland Security Act of 2002. This proposed bill seeks to establish a Cyber Incident Review Office and publish an interim rule that would outline procedures for reporting cybersecurity incidents.
The escalation of cyberattacks since early 2020 is requiring many companies to strengthen their security operations. Adversaries are taking advantage of new attack vectors – like IoT devices, insecure remote access mechanisms, and the multiple personal and work devices users now move between. They’re also leveraging human vulnerabilities, impersonating trusted colleagues and third parties to infiltrate organizations.
Cloud computing has revolutionized the business and technological landscape of the last decade. More organizations are turning to cloud services to better manage massive volumes of both structured and unstructured data on a daily basis. As organizations move more and more information and applications to the cloud, there are growing concerns for data security and regulatory compliance.
News of ransomware attacks disrupting supply chains has increased recently. As threat actors disrupt businesses and critical infrastructure, they may appear to be working harder. However, cybercriminals treat ransomware as a business, enabling an underground industry. Ransomware-as-a-Service (RaaS) is a growing underground industry that continues to place sensitive information at risk.
Vendor tiering is the key to a more resilient and sustainable third-party risk management strategy. But like all cybersecurity controls, it must be supported by the proper framework. To learn how to optimize your Vendor Risk Management program to greater efficiency through best vendor tiering practices, read on.
Security teams are struggling to contend with the expanding third-party attack surface which is fueled by the pernicious cycle of poor vendor risk management.
Connected devices offer healthcare providers ways to remotely monitor patient health. Additionally, hospitals use these devices for enhanced patient care, including medication delivery and vitals monitoring. However, malicious actors often use unsecured IoMT as part of their attack methodologies.
Security compliance management is the process of monitoring and assessing systems, devices, and networks to ensure they comply with regulatory requirements, as well as industry and local cybersecurity standards. Staying on top of compliance isn’t always easy, especially for highly regulated industries and sectors. Regulations and standards change often, as do threats and vulnerabilities. Organizations often have to respond quickly to remain in compliance.
Every day, organizations around the world use due diligence questionnaires (DDQs) to evaluate potential business partnerships and gain a better understanding of the way various third-party vendors conduct day-to-day operations. These questionnaires help organizations investigate potential business ventures or partnerships to confirm they are making a good investment before entering into an agreement with a third-party.
