Risk Management

Overcoming Cybersecurity Headwinds Part 3: Future-Proofing Your TPRM Program

Welcome back to our Overcoming Cybersecurity Headwinds blog series—building on our latest webinar about third-party risk with Marc Crudginton, CISO at Howard Hughes Corporation. In our previous blogs, we explored the wisdom of centralizing cyber risk management and automating third-party risk management (TPRM). Today, we will focus on future-proofing your TPRM program.

The role of automation in mitigating cybersecurity risks

Cyberattacks are on the rise around the globe. Recent data suggest that there are 2,200 cyberattacks every day and that the average cost of a data breach is $9.44 million. Of those cyberattacks, 92% are delivered via email in the form of malware and phishing. In 2022 alone, businesses reported 255 million phishing attacks with an average cost of $4.91 million.

Advancing Digital Resilience in the Financial Sector

Financial entities throughout the European Union are preparing for the Digital Operational Resilience Act (DORA), a new piece of legislation to strengthen the digital resilience of credit institutions, investment firms, insurers, and more. DORA focuses on breach prevention and cyber resilience, meaning financial institutions must prioritize both protecting their attack surface and incident response planning.

SEC Regulations: What is a "Material" Cybersecurity Incident?

In one of the most important cybersecurity regulatory developments in recent memory, the U.S. Securities and Exchange Commission (SEC) recently adopted new cybersecurity disclosure requirements for publicly traded companies, including a requirement to publicly disclose a “material” cybersecurity incident in Form 8-K within four business days of determining that it is material.

What CIS Controls are Effective for Successful Cyber Defense?

The CIS Critical Security Controls are a set of cybersecurity principles and actions that list defense tactics and best practices to mitigate common cyberattack methods. What makes them so valuable is that the framework prioritizes a small number of actions that together significantly reduce cybersecurity risk across your network. Keep reading to learn more about the CIS Controls, as well as which controls are essential for successful cyber defense.

Bitsight identifies nearly 100,000 exposed industrial control systems

Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) owned by organizations around the world, potentially allowing an attacker to access and control physical infrastructure such as power grids, traffic light systems, security and water systems, and more. ICSs — a subset of operational technology (OT) — are used to manage industrial processes like water flow in municipal water systems, electricity transmission via power grids, and other critical processes.

Understanding GDPR Vendor Management and Compliance for your Business

The General Data Protection Regulation (GDPR) is a data protection framework that imposes strict obligations on organizations within the European Union. For many businesses, understanding and implementing GDPR vendor management is a daunting task. That’s why we are going to break down what GDPR vendor management is, who is involved in it, and what the requirements are.

How to Discover and Secure Open Port Vulnerabilities

Open port vulnerabilities pose a significant security risk to your organization. If left exposed, ports are a gateway for attackers to breach your network and steal your data. But what are open ports, why are they a security risk, and what can you do to close open port vulnerabilities? Let’s answer your open port questions.

Effective Risk Management: The COSO ERM Framework

Enterprise risk management (ERM) frameworks allow organizations to identify, assess, manage, and monitor risks across all levels of an organization. One of the most well-known approaches to ERM is the COSO ERM framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The framework offers guidelines and best practices for organizations seeking to achieve a balanced perspective on risk.

Qualitative vs. Quantitative Cybersecurity Risk Assessment

Risk mitigation is at the heart of cybersecurity. By connecting to the Internet, implementing upgraded IT systems, or adding a new vendor to your organization, you are automatically exposing your business to some level of cyber risk. With outsourcing on the rise and a growing reliance on vendors who are processing, storing, and transmitting sensitive data, assessing and mitigating risk is becoming increasingly important.