Product News

Find out about our new product features, the latest platform changes, and discover company announcements before anyone else.

Risk Management

Stay up to date on third-party risk management best practices and techniques, and learn about new regulations for third party risk.

Security Research

Keep up with research around the biggest data breaches, malware infections, IoT risks and all the latest news in cybersecurity.

Risk Assessments: A Step-By-Step Guide

  Performing risk assessments is a key part of any organization’s information security management program. Everyone knows that there’s some level of risk involved when it comes to a company’s critical data, assets, and facilities, but how do you quantify and prepare for this risk? The purpose of a risk assessment is to determine what … Continued

90-Days In: What DFS Questions Do You Have?

90-Days In: What DFS Questions Do You Have?

Since the last time we wrote about the DFS Cybersecurity Regulations, the final version of the regulations went into effect on March 1st, 2017. It’s 90 days later, and financial companies are racing to fix their cybersecurity posture, with the first set of deadlines quickly approaching. It’s no surprise that NY DFS stepped with this … Continued

Read More
Ransomware: A Detailed Analysis of an Emerging Threat

Ransomware: A Detailed Analysis of an Emerging Threat

  One of the most dangerous emerging trends in the malware world is ransomware. This hacking method has already wrought significant havoc on many businesses and individuals since becoming a credible threat a few years ago, and it seems to be growing in complexity and destructive potential with each passing day. This article will provide … Continued

Read More
A CISO’s Guide to Communicating with the Board

A CISO’s Guide to Communicating with the Board

Communicating with the Board of Directors can be one of the most difficult tasks that a Chief Information Security Officer is responsible for. Whether it’s because of differing priorities, a lack of clear information, or simple indifference, a CISO can have trouble getting the Board on the same page if he or she is not … Continued

Read More
3 Third-Party Risk Management Challenges of 2016 & How To Conquer Them

3 Third-Party Risk Management Challenges of 2016 & How To Conquer Them

  Since the massive Target data breach in December 2013, third-party risk stopped being an afterthought and started becoming one of the top priorities for CISOs and Risk Departments. As a response, Third-Party Risk Management (TPRM) underwent a transformation in early 2014, and has continued through 2016 to keep up with today’s modern risks. With … Continued

Read More
3 Security Approaches CISOs Must Embrace To Mitigate Third Party Risk

3 Security Approaches CISOs Must Embrace To Mitigate Third Party Risk

  Guest post by Sam Kassoumeh, COO and co-founder of SecurityScorecard. A seasoned cybersecurity professional, he has been the Head of Security and Compliance at Gilt and led Global Security at Federal-Mogul. Sam has over 10 years of experience leading security teams. In this guest blog post, Sam offers a critical perspective of how CISOs … Continued

Read More
What Brexit Means for The Cybersecurity Industry

What Brexit Means for The Cybersecurity Industry

  In late June, the United Kingdom (UK) held a referendum on whether or not the UK would continue to be a member of the European Union (EU). The UK voted to leave the EU, a decision dubbed as the ‘Brexit.’ The initial consequence of the Brexit looked grim and despite some recovery, the fallout … Continued

Read More
New Technology Can Solve Your Vendor Risk Management Problems

New Technology Can Solve Your Vendor Risk Management Problems

  Vendor Risk Management (VRM) is stuck in tradition, leaving it far behind when it comes to the security risks and challenges of today. While organizations are using using more vendors and exposing themselves to higher risk, they’re largely still using periodic onsite assessments, questionnaires, and point-in-time penetration tests to assess their vendor’s risk. While … Continued

Read More
The Healthcare Industry Currently Faces A Growing Cyber Security Crisis

The Healthcare Industry Currently Faces A Growing Cyber Security Crisis

  Hospitals are where you go to get healthy, but they are increasingly becoming playgrounds for hackers, owing to weak cyber security measures. A couple of weeks ago, networks of the Hollywood Presbyterian Medical Center, a California-based hospital, were held hostage, reportedly to the tune of 9,000 bitcoin or over $3.6 million. This isn’t a … Continued

Read More
Tips for Vetting the Security of Cloud Service Providers

Tips for Vetting the Security of Cloud Service Providers

How to Vet Cloud Vendors and Make Sure CSPs Are Used Securely A modern enterprise uses the cloud and cloud service providers (CSP), period. Your employees might use DropBox or OneDrive to access work data remotely. You might communicate with your vendors mostly through a portal that accepts invoices and generates work orders. At the top … Continued

Read More
New Research Calls Out Today's Vendor Risk Challenges

New Research Calls Out Today’s Vendor Risk Challenges

New ESG Report: “Intelligence-driven Vendor and Supplier Security Risk Management” A recent study conducted by Enterprise Strategy Group (ESG), an IT research and strategy firm based in Milford, MA, looks at the issue of third party supplier and partner security in depth. The new report discusses approaches to today’s vendor risk management challenges and emerging technology solutions … Continued

Read More
How Shadow IT Complicates Vendor Risk Management

How Shadow IT Complicates Vendor Risk Management

Third Party Dangers in Shadow IT The shadow information technology (IT) services provided by unknown third-party vendors introduce multiple risks. Any time data is moved to a vendor or accessed outside the corporate network by a third- or fourth-party, the risk of loss increases. Companies have, in one sense, lost control of IT. A Forbes article reported … Continued

Read More
Third Parties a Major Culprit in Healthcare Breaches

Third Parties a Major Culprit in Healthcare Breaches

Healthcare Breaches Cannot Be Ignored There have been two notable healthcare breaches in the last month: Upstate New York healthcare provider, Excellus Blue Cross Blue Shield, recently reported over 10 million patients’ records were breached. Systema Software, a Larskpur, California-based third party claims software provider, had data of 1.5 million customer claims data exposed on … Continued

Read More
Use Vendor Risk Management Templates to Establish a Baseline

Use Vendor Risk Management Templates to Establish a Baseline

Level the Vendor Risk Playing Field With Templates Two facts have radically transformed vendor risk management and the need for template use in just the past few years:   There’s increased awareness that vendors are often the weak links that allow data breaches to occur; Federal regulators are increasingly vocal about the need for aggressive … Continued

Read More
How Strong Is Your Vendor Management Program?

How Strong Is Your Vendor Management Program?

Vendor Management: You Need a Strategy Like the game of chess, vendor management requires understanding all the moves of all the pieces of vendors themselves. The more vendors differ in what and how they supply your company, the more challenging your vendor management (VM) program will be. Vendor management processes for companies with minimal vendor diversity … Continued

Read More
Addressing The Vendor Risk Management Dilemma

Addressing The Vendor Risk Management Dilemma

It has happened in retail, in hotels, in healthcare, and in many other verticals with many suppliers or partners. Exactly how has vendor risk management missed the mark so often? It has become an old story. A large company’s network is gravely breached and, after weeks of investigation, a finger is pointed at a minor … Continued

Read More
The Vendor Risk Checklist You Need Before Signing a Contract

The Vendor Risk Checklist You Need Before Signing a Contract

Validate Vendor Risk Management with a Security Checklist We’ve compiled a checklist of items that your company can use to protect its infrastructure whenever it starts working with a new vendor, as part of routine vendor risk management processes. A vendor’s systems can be a threat to you  when both parties’ systems are connected together. This … Continued

Read More
Why Supply Chains Need Strong Vendor Risk Management

Why Supply Chains Need Strong Vendor Risk Management

The New Attack Perimeter: Third-Party Suppliers As technology becomes more tightly integrated with traditional manufacturing processes, OEM components and capital equipment are vulnerable to intrusion. Ultimately, companies that rely on suppliers to secure their own products are falling behind the regulatory and reputational curve. Security is front of mind for government scrutiny and consumer awareness. … Continued

Read More
5 Tools Every Vendor Manager Should Know About

5 Tools Every Vendor Manager Should Know About

Vendor Management Is Evolving Into a More Complex and Risky Process When tasked with working in a modern technology-driven industry you will undoubtedly find that your company is not large enough to facilitate all the needs that your customers and employees require. This is true for almost any company now, and the easiest way to … Continued

Read More
Third-Party Security Breaches Sign of Growing Vendor Risk Problem

Third-Party Security Breaches Sign of Growing Vendor Risk Problem

Third Party Breaches Continue to Remain in the Media The long term effects of data breaches that have originated via third parties have the attention of executive boards of directors, but the C-level may not be as keen on dealing with the problem as you might think. These long term effects include: legal action from customers, damage … Continued

Read More
Echoes of Target Breach In Recent CVS Photo Partner Hack

Echoes of Target Breach In Recent CVS Photo Partner Hack

PNI Digital Media Was A Third Party Entry Point Into Big Retail: CVS, Walmart, Possibly Others Update: PNI Digital media is facing multiple class action lawsuits, according to Law 360 and Class Actions Reporter. One suit is centered on CVS in the state of Georgia; the other suit is focused on Costco which was filed … Continued

Read More