Third-Party Risk Management & Compliance News
Sep 15th, 2024 - While the federal government deadline has arrived on implementing a zero-trust cybersecurity model, many state and local governments have committed to zero-trust architecture as well. On Jan. 26, 2022, the Executive Office of the President issued an executive memorandum to the heads of federal government executive departments and agencies, which provided guidance and direction on zero-trust architecture (ZTA) strategy. The memo was entitled Moving the U.S. Government Toward Zero Trust ...
Source: govtech.com
Sep 13th, 2024 - Over-Deployment of Tools Raises Security and Operational Concerns: Excessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warned security researchers from Claroty. Claroty's Team82 reported that after examining more than 50,000 remote access-enabled devices reported by customers, it determined that more than half of organizations use four or more remote access tools. One-third deploy six or more. Remote ...
Source: databreachtoday.com
Sep 13th, 2024 - Are you confident your vulnerability management is doing its job, or do you sometimes feel like it's falling short? Many companies invest time and resources into managing vulnerabilities, yet still find themselves exposed to threats that slip through the cracks. Whether you already have a system in place or are looking to implement one, avoiding common vulnerability management mistakes can make all the difference. Are you prioritizing the right vulnerabilities? Do you have a clear ...
Source: securityboulevard.com
Sep 13th, 2024 - The new European Union (EU) cybersecurity regulatory landscape has arrived. Organizations are now being faced with more demanding, challenging and fine-tuned cyber resilience requirements across their entire ecosystem. This is now especially true for a long-awaited area, the secure development and end-to-end product security lifecycle. The EU has introduced three critical legislative frameworks – the Digital Operational Resilience Act (DORA), the Network and Information Security Directive ...
Source: infosecurity-magazine.com
Sep 12th, 2024 - Over the past 12 months, 62% of U.S. companies have filed a cyber insurance claim with more than 27% filing multiple claims within the same period. This staggering statistic comes via identity security specialist , which reported that U.S. companies are increasingly adopting advanced technologies like AI to secure strong cyber insurance coverage and mitigate rising costs. Delinea President will be of particular interest to MSSPs as they grapple with the complexities of today's cyber insurance ...
Source: msspalert.com
Sep 12th, 2024 - What's Behind the Shift in the Payment Security Standards: The payment security landscape is constantly evolving, with governing bodies continually updating their guidance to keep pace with cybercriminal activity. The financial services industry is particularly vulnerable to cyberattacks, experiencing the highest volume (36%) of account takeover (ATO) attacks, given the incentive of payment credentials behind user accounts. While this industry is a lucrative target for attacks, any organization ...
Source: techspective.net
Sep 11th, 2024 - The Value of Cyber Risk Quantification Models Vs. CRQ Frameworks. TL;DR: Data-driven cyber risk management is essential to navigate the current threat landscape and proactively mitigate the potential impacts that accompany even the most non-malicious of incidents. While CRQ frameworks like FAIR can provide a structured methodology for analyzing an organization's risk, they lack the dynamic, real-time data necessary for accurate cyber risk forecasts. CRQ models, on the other hand, ...
Source: securityboulevard.com
Sep 11th, 2024 - Allocating security resources can be a daunting task for CISOs and other security leaders, but there are ways to strike a balance between short-term and long-term needs. Cybersecurity has become a high-stakes balancing act — the modern CISO is under constant pressure to protect their organization from the latest threats, including ransomware and phishing, while also developing long-term security strategies and reporting to the C-suite and board. This means juggling immediate needs, ...
Source: csoonline.com
Sep 11th, 2024 - Five Strategies For Boards To Enhance Governance And Resilience In The Face Of Evolving Cyber Risks: Steve Durbin is Chief Executive of Information Security Forum. He is a frequent speaker on the Board's role in cybersecurity and technology. These are challenging times and uncertain times, especially from a cybersecurity perspective. Critical infrastructure such as hospitals, airports, water treatment plants and the power grid are being bombarded with cyberattacks. Far too many organizations ...
Source: forbes.com
Sep 11th, 2024 - The Federal Financial Institutions Examination Council (FFIEC) has officially announced that its Cybersecurity Assessment Tool (CAT) will phase out by August 31, 2025. Launched in June 2015, the CAT has helped financial institutions assess and improve their cybersecurity posture. However, with cybersecurity threats constantly evolving, the FFIEC has decided it's time to move on. This means that institutions will need to shift to more modern frameworks. In this blog, we'll explain what this ...
Source: securityboulevard.com