Three fundamental steps to begin addressing third-party risks

June 21st, 2017

By Byron Acohido

Managing third-party risk still does not command a high priority in all too many organizations – even after the apocalyptic Target data breach of 2013 that routed through an HVAC vendor.

But that’s slowly beginning to change. There is a growing recognition of the sprawling exposures that are being shaped as companies increasingly outsource mission-critical IT functions to third parties – suppliers, contractors, hosted services and the like that require network access.

Some 75% of the IT professionals recently surveyed by the Ponemon Institute acknowledged that the risk of a breach from a third party is serious and increasing. And another survey of senior executives by Soha System’s Third Party Advisory Group linked 63% of all data breaches directly or indirectly to access granted to suppliers and contractors.

I recently chatted at length with Brad Keller, Prevalent’s Senior Director of Third Party Strategy, about how regulators are moving to light a fire under companies to address third-party risk. We discussed how Prevalent and other security vendors have begun delivering innovative systems to help companies efficiently assess – and continually monitor – third-party risks.

One question Keller told …more


Why WannaCry signals a coming wave of nation-state cyber weapon hacks

By Byron Acohido

Companies would be remiss to downplay the profound implications of last month’s headline-grabbing WannaCry ransomware attack.

WannaCry was a mere harbinger; the tip of the iceberg. WannaCry happened a few weeks after the Shadow Brokers hacking collective stole dozens of the National Security Agency’s ace-in-the-hole hacking tools.

Shadow Brokers futilely tried to sell these cyber weapons piecemeal. But after getting no takers, the group publicly released them. Someone then quickly …more

What you should know about the Top 5 free VPNs

By Andrey Doichev

(Editor’s note: Andrey Doichev is a self-described VPN enthusiast who analyses and tests different VPN software. The full version of this article was originally posted here. Commentary and opinions are expressly Doichev’s.)

Who likes FREE Software? I sure do. And I reckon you do too!

In times where ISPs can sell your Internet browsing history to the highest bidder, Internet privacy has become an imperative. We all know that.

The …more

VIDEO: Why the NIST framework is so fundamental to network security

By Byron Acohido

Put aside the cyber threats, which continue to worsen. All any company decision-maker needs to do is pay heed to the intensifying regulatory environment to understand that network security has become a mission-critical operational issue.

Consider that the Colorado Division of Securities is implementing 90 pages of new rules to clarify what financial “broker-dealers” and investment advisers must do in order to protect information …more

In the news: intel confirms Russians executed cyber attacks on election systems, officials

(News reports aggregated by Byron Acohido) Russian military intelligence executed a cyber attack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to an intelligence report.

The top-secret National Security Agency document analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure.

The …more

PODCAST: Why companies should ‘stop fearing the breach’ — and deal with ‘continuous compromises’

By Byron Acohido

Guidance Software is among the longest-established vendors in the cybersecurity sector. The Pasadena, California-based company got its start in 1997 by pioneering digital forensics software for law enforcement agencies seeking to extract evidence from computer hard drives—evidence that would stand up in court.

Today that core competency remains at the heart of products and services Guidance supplies to government, law enforcement and corporate customers in the …more

PODCAST: Why small- and mid-sized businesses should strongly consider using an MSSP

By Byron Acohido

How Armor got started stands out. Founder and CEO Chris Drake was serving as a paratrooper in the U.S. Army’s 82nd Airborne Division based out of Fort Bragg, North Carolina, when he was selected to build some of the Army’s first private and secure websites.

After his military service, Drake started a marketing and web development company focused on securing critical data and systems for commercial websites. One day a well-known poultry company came to Drake …more