Videos

In this video, we explore the critical issue of software supply chain risk and its increasing complexity. Recent breaches highlight the dangers of vulnerabilities in third-party components used to build software programs. A notable example is the discovery of a vulnerability in XC Utilities, an open-source compression library for Linux-based systems, which could have caused widespread disruption if not for the timely intervention of a Microsoft developer.

This incident underscores the need for a robust vendor risk management program focused on software supply chain security. It's essential to scrutinize the components used by both your organization and your vendors.

Watch to learn more about managing software supply chain risks and share your strategies in the comments. Don't forget to like, comment, and subscribe for more insights on third-party risk management!

0 0

In this video, we discuss the recent cybersecurity advisory released by CISA, HHS, and the FBI regarding the Black Basta ransomware variant, which has targeted 12 out of 16 critical infrastructure sectors. The healthcare industry, notably affected by the Ascension attack, faces significant challenges. Unlike typical breaches, the Ascension breach compromised operating systems across 140 hospitals in 19 states, severely impacting patient care.

We also revisit the Change Healthcare breach and its wide-ranging consequences, and compare it to the recent Kaiser breach, which exposed data on 13.4 million patients. Both incidents highlight a troubling trend: a lack of basic security hygiene and vendor risk management.

Watch to learn more about the growing threat of Black Basta ransomware and share your thoughts on how to combat this escalating issue. Don't forget to like, comment, and subscribe for more cybersecurity insights!

1 0

We examine the problems with the exchange model for vendor risk management. While the concept of a central hub for standardized security info might sound efficient, we've heard from many clients that it's actually quite ineffective.

Key issues include:

Privacy Concerns: New regulations like GDPR and CCPA make storing sensitive data in these exchanges risky.

Outdated Information: Assessments can be months old with no updates, making them unreliable without continuous monitoring.

Lack of Customization: A one-size-fits-all approach leaves critical gaps, as every vendor, regardless of industry, gets the same questionnaire.

Watch to learn more about these challenges and share your thoughts on the exchange model for vendor risk management. Don't forget to like, comment, and subscribe for more insights!

1 0

In this video, we dive into the critical issue of the labor shortage in the cybersecurity industry and its impact on vendor risk management. With over 60% of security breaches originating from vulnerabilities within supply chains or vendor networks, having the right personnel and technology to manage these risks is crucial for any enterprise.

We explore two main strategies to tackle this challenge:

Outsourcing Services: Partnering with providers who can manage vendor risk on your behalf.
Investing in Technology: Leveraging artificial intelligence and attack surface monitoring to maximize efficiency and minimize risks.
When evaluating potential service providers, it is essential to scrutinize the technology they use. Relying solely on risk assessments is not enough. Continuous, real-time monitoring of all vendor attack surfaces is imperative.

Our recommendation: Implement both strategies. Enhance your team with the best available technology, or select outsourced experts equipped with comprehensive monitoring capabilities.

Watch the video to learn more about optimizing your cybersecurity approach and share with us the strategies your company has implemented to overcome labor challenges in this critical field.

Don't forget to like, comment, and subscribe for more insights on strengthening your cybersecurity framework!

0 0

Can CISOs be held personally liable for third-party breaches? The answer isn't as clear-cut as one might think.

Recently, the SEC took action not only against SolarWinds but also against the CISO personally, alleging false and misleading statements in public filings. This development underscores the heightened scrutiny surrounding cybersecurity disclosures and representations made by CISOs.

When addressing vendor risk management controls in public filings and security audits, are the statements accurate and comprehensive? Are they truly reflective of the measures in place? With potential personal liability looming, CISOs must ensure that their disclosures are not only truthful but also robust.

The SEC's critique of SolarWinds' disclosures as "generic and hypothetical" serves as a reminder for CISOs to reevaluate their approach to cybersecurity disclosures.

Can CISOs strike a balance between transparency and protecting themselves from potential personal liability in the face of regulatory scrutiny?

0 0

Assess, Monitor, and Verify Vendor Risk All in One Platform!

Through advanced automation and intelligent data analysis, ProcessBolt streamlines the entire risk assessment process, providing real-time insights for informed decision-making. This innovative solution empowers businesses to proactively safeguard their operations against potential threats.

3 0

Recent breaches, such as the Bank of America incident involving Infosys, highlight the importance of effective vendor risk management.

With 57,000 customers affected, it's clear that vulnerabilities within vendor networks can have far-reaching consequences.

Using attack surface monitoring tools like Threatscape, we can identify significant and preventable weaknesses in a vendor’s security posture and work to remediate the issues before hackers exploit them.

American Express and Cisco also experienced third-party breaches in the last few months.

It is noteworthy that these are large organizations in highly regulated industries that are struggling with third-party breaches.

We have seen that sophisticated organizations in regulated industries often rely on annual risk assessments to manage vendor risk and do not incorporate new technology and strategies into their programs.

Continuous monitoring of internet-facing attack surfaces is critical to a comprehensive vendor risk management program.

How can companies improve their vendor risk management strategies in light of recent breaches?

3 1

Advancements in technology are making it possible to somewhat accurately predict companies that will be breached.

Through attack surface monitoring, we can identify weaknesses in an organization's attack surface that hackers may ultimately exploit.

Organizations can leverage attack surface data to proactively identify areas of weakness in their vendor network and work to remediate those issues before they are exploited.

Attack surface monitoring, coupled with risk assessments and AI-driven policy analysis, is key to a comprehensive vendor risk management program.

How do you see companies using these advancements to strengthen their risk management strategies?

2 0

Vendor risk management is rapidly evolving. Innovation in vendor risk management is driven by the increasing frequency of third-party breaches and the growing consequences of breaches.

60%+ of data breaches are caused by third parties. The repercussions extend far beyond financial losses, leading to class-action lawsuits and irreparable damage to brand reputation.

Traditional approaches, such as annual security assessments, are no longer enough, and organizations need to take a more proactive approach to managing vendor risk. By using AI to improve security assessments and continuously monitor Internet-facing attack surfaces, businesses can fortify their defense mechanisms and stay ahead of emerging threats.

How do you envision the future of vendor risk management evolving in response to the escalating cybersecurity risks?

2 0