Third-Party Risk Management & Compliance News

The Snowflake Incident: Lessons for Third-Party Risk Management

The recent Snowflake incident has sent shockwaves through the cybersecurity community, highlighting the critical importance of robust third-party risk management. This high-profile data breach, which resulted from compromised credentials, has highlighted the...


Source Software Licenses License Components Oss
- What is open source software? Open source software (OSS) is software for which the original authors have granted express copyright and usage permissions to allow all users to access, view, and modify the source code of these programs however they see fit and without the need to pay royalties. This is in contrast to proprietary, closed source software, which typically requires a paid license and cannot be added to, modified, or distributed by anyone except the owner of the rights to the ...


Data Cisos Security Cybersecurity Centric Security Organizations
- In an effort to bolster data security and privacy practices amidst increasing cyberattacks, new data breach reporting rules enforced by the Federal Trade Commission (FTC) and Securities and Exchange Commission (SEC) have taken effect for various organizations and financial institutions. Since May 13, 2024, non-banking financial institutions (including mortgage brokers, payday lenders and tax preparation firms) must report data breaches to the FTC within 30 days of discovery. This new mandate, ...


Csf Nist Cybersecurity Framework Businesses Countries
- This updated version of NIST provides a major focus on governance and supply chain risk. On February 26, 2024, the U.S. National Institute of Standards and Technology (NIST) released the first major update to its The original framework's name reflected NIST's goal to protect businesses in 16 designated critical infrastructure categories. The new framework known simply as the  removes the critical infrastructure reference and has been designed to help secure all businesses. NIST CSF Version ...


Vulnerabilities Network Study Software Equipment Devices
- A new study released today by cybersecurity firm NetRise Inc. warns that vulnerability risks associated with network equipment are far greater than previously understood. NetRise's third-quarter supply chain visibility and risk study for network equipment, based on the analysis of more than 100 different networking equipment devices, found that traditional network-based vulnerability scanners significantly underreport the true extent of software vulnerabilities in critical networking ...


Incident Security Response Threat Irp Network
- What is an Incident Response Plan? Modern-day enterprises experience cybersecurity threats, and risks are a part of everyday business. Therefore, protecting business assets requires pre-emptive and proactive measures, and an IRP is one such approach that assists security teams in handling a security event. A network security breach can put an enterprise into chaos. A security breach exposing sensitive data and networks pushes security teams into panic, especially the inexperienced ones. Even an ...


Data Security Access Teams Controls Engineers
- AT&T announced earlier this month that nearly all its customer phone records – around 110 million of them – were stolen via Snowflake. Data lakes like Snowflake, which serve as data repositories with wide access for employees, are prime targets for cybercriminals. However, security teams often overlook them as just another IT component. But it's no longer acceptable to overlook data security. This has become especially true in the age of generative AI, which relies on vast amounts ...


Tools Data Cisos Risks Policies Use
- As organizations increasingly adopt third-party AI tools to streamline operations and gain a competitive edge, they also invite a host of new risks. Many companies are unprepared, lacking clear policies and adequate employee training to mitigate these new dangers. AI risks extend far beyond the usual suspects of IT and security departments, bringing new vulnerabilities to customer success, marketing, sales, and finance. These risks—from privacy breaches and biased algorithms to financial ...


Crowdstrike Update Cybersecurity Companies Systems Form Occurrence
- There are a number of US Securities and Exchange Commission (SEC) reporting implications arising from the server-related outages caused by CrowdStrike's defective software update on July 19, 2024, and their impacts on public companies, particularly in light of the SEC's new cybersecurity disclosure rules. While the situation on the ground – as well as answers to these questions – is still very much evolving, public companies impacted by the CrowdStrike update should consider doing ...

Source: jdsupra.com

Respondents Vulnerability Management Automation Exposure Security
- 91% of respondents say their security budget is increasing this year, demonstrating a growing recognition of the importance of cybersecurity within organizations, according to Seemplicity. Vendor environments introduce complexity and fragmentation. Seemplicity surveyed 300 US cybersecurity professionals to gauge perceptions on key topics, including vulnerability and exposure management, automation, AI, and regulatory compliance. Organizations reported utilizing an average of 38 different ...


Security Software Tools Supply Chain Developers
- After bringing together the French security community at an in-person event, GitGuardian hosted CodeSecDays, its annual worldwide gathering for the software security community. This global event brought together leading experts from Snyk, Docker, CyberArk, Chainguard, and CircleCI, for a full-day immersion in software supply chain security. It featured informative presentations and discussions on cybersecurity challenges and best practices in the industry. If you couldn't attend, here are some ...

