Risk & Compliance News.

May 13th, 2022 - The impact of President Joe Biden’s cybersecurity executive order over the last year proved to go beyond initial expectations. Last May, the Biden administration issued its Executive Order on Improving the Nation’s Cybersecurity . Released with much fanfare in the immediate aftermath of the Colonial Pipeline ransomware attack and shutdown—and resultant gas station lines and price spikes—it contained some positive features. But, as I cautioned at the time, in many respects it ... [Read More]

May 12th, 2022 - You’ve heard more about the supply chain in the past two years than you ever expected, or likely wanted. But, as a cybersecurity professional, you now have even more reason to pay attention besides not being able to get your favorite products at the grocery store. The apps used to develop software and run the business could be causing vulnerabilities and even bringing malicious code into your network. Recent research found that supply chain attacks are rising. The recently released X-Force ... [Read More]

May 12th, 2022 - We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today ! As the head of security at a cloud-forward organization, you are an info security and risk expert with strong business acumen. On your shoulders falls the difficult task of detecting security issues as early as possible to reduce your organization’s risk posture. You must collaborate with devops, IT and ... [Read More]

May 12th, 2022 - Identifying top cyber risk scenarios is one of the most important and difficult elements of assessing risk. Companies often don’t properly prioritize the risks they face and end up flying blind on planning cybersecurity defenses. With a reliable way to quantitatively rank top cybersecurity risks based on probable loss exposure in dollars, organizations can Break through the communication barrier between IT security and the rest of the business Confidently enable reporting on risk to senior ... [Read More]

May 12th, 2022 - The National Institutes of Science and Technology (NIST) Information Technology Laboratory recently released guidance entitled "Software Supply Chain Security Guidance," in response to directives set forth in President Biden’s Executive Order 14028—Improving the Nation’s Cybersecurity. The guidance refers to existing industry standards, tools, and recommended practices that were previously published by NIST in SP800-161 "Cybersecurity Supply Chain Risk Management Practices for Systems and ... [Read More]

May 12th, 2022 - Farshchi joined the credit reporting agency in 2018 with a mandate for change following the company’s high-profile data breach. Today, he’s calling for greater transparency and collaboration in the security community, with Equifax leading the way. Equifax CISO Jamil Farshchi has pulled back the curtains on cybersecurity operations, saying that he believes “transparency to all stakeholders to the deepest degree reasonable” makes for a more secure company. “If we have transparency, it ... [Read More]

May 11th, 2022 - CISA Cybersecurity Advisory offers 12 steps MSPs can take to mitigate supply chain cyberattacks & other digital threats that target MSPs & their customers. The Cybersecurity and Infrastructure Security Agency (CISA), working with partners worldwide, has issued a new Cybersecurity Advisory (CSA) that’s designed to help MSPs protect themselves and customers from supply chain cyberattacks and other digital threats. The advisory, paraphrased below, describes 12 steps that MSPs can take to ... [Read More]

May 11th, 2022 - Solving the Specific Problem of Secure Third-Party Access Across the board, organizations are struggling to effectively manage and secure third-party access into critical networks and systems. Just take a look at the pain points: According to the Ponemon Institute report on third-party access, 74% of data breaches caused by a third party were due to granting too much privileged access to the third-party vendor. 73% of IT and security professionals think managing third parties is a drain on ... [Read More]

May 11th, 2022 - Medical Management Systems Firm Discloses Cyber Incident, Risks to SEC A recent ransomware attack on a medication management systems provider is the latest reminder of persistent cybersecurity threats and risks facing healthcare supply chain and related vendors, as well as their customers. 8-K filing ransomware attack had affected certain internal IT systems, and that the incident and its full effect were still being investigated. "There is an impact on certain of the Company's products and ... [Read More]

May 10th, 2022 - Better metrics, implementation guidance, and alignment with other frameworks are high on the list of suggested improvements to the NIST CSF. In late February, the National Institute of Standards and Technology (NIST) issued a request for information (RFI) to evaluate and enhance its Cybersecurity Framework, or CSF, first produced in 2014 and last updated in 2018. Many developments in the swiftly changing cybersecurity field prompted NIST to revisit its complex and well-received template ... [Read More]