Third-party risk

‘Rhymes with PolarShins:’ Breach investigations linked to partners surged last year, thanks to one event

Joe UchillMay 25, 2022

Supply chain threats are a growing part of the landscape. In a year that included Kaseya, Outlook and SolarWinds, that has never been more clear. But the extraordinarily rapid growth makes predicting future events a little more difficult. Is the spike a one-off based on a single massive event or a new normal?

Remote access

Remote work complicates insider-threat challenge, says ex-Bank of America CIO

Karen HoffmanMay 25, 2022

Former Bank of America CIO David Reilly, who recently joined the boards of Safe Security and Ally Bank, says administrators, employees and third-party vendors add to the risk landscape.

Vulnerability management

CISA calls VMWare vulnerabilities ‘unacceptable risk’ in emergency order to feds

Derek B. JohnsonMay 18, 2022

The cybersecurity agency said there is evidence that malicious hackers were able to reverse engineer an update fixing two of the vulnerabilities within 48 hours to create an exploit for unpatched systems.

Third-party risk

US-EU expand access to cybersecurity tools for small businesses

Steve ZurierMay 16, 2022

The U.S.-EU Trade and Technology Council will foster cybersecurity best practices to small- and medium-sized businesses, a group disproportionately impacted by cyber threats.

Third-party risk

Alliance targets healthcare supply chain cybersecurity risk management in new guide

Jessica DavisMay 12, 2022

New guidance from the Cloud Security Alliance aims to support delivery organizations with assessing and managing cybersecurity risks to the healthcare supply chain.

Ransomware

Healthcare vendor accused of ‘concealed’ ransomware, lengthy service outages

Jessica DavisApril 20, 2022

For the last year, several clients of tech vendor ECL have faced a host of patient safety, service issues, outages, and compliance concerns over what they allege were ‘concealed ransomware’ incidents.

Zero trust

A majority of public sector agencies cite increased concern about third-party risk

Steve ZurierMarch 29, 2022

A CyberRisk Alliance Business Intelligence survey finds that public sector agencies are concerned about their ability to mitigate third-party security risks.

Application security

Senate bill would team up CISA and HHS to improve health cybersecurity

Derek B. JohnsonMarch 25, 2022

The bill would require CISA and HHS to enter into a collaborative agreement around improving cybersecurity in the healthcare and public health sectors, with CISA ultimately charged with defining what that means.

Zero trust

Over 90% of organizations had a security incident linked to a third-party partner in last year

Steve ZurierMarch 23, 2022

A CRA Business Intelligence report points to increased concern over attacks traced to third parties: 66% saw an uptick in third-party security incidents in the last 12 months.

Third-party risk

Lapsus$ group claims Okta supply chain attacks

Joe UchillMarch 22, 2022

The Lapsus$ extortion group posted screenshots to its Telegram channel Monday night they say prove they breached identity management vendor Okta. The group said the Okta breach was not intended to get data from Okta, but instead leverage the access to Okta to attack Okta clients.

Third-party risk

Related events

Client-Side Security: A Critical Component of 3rd Party Risk, Zero-Trust Initiatives, Compliance and More

Your Attack Surface Is Far More Than Just the Tip of the Iceberg

How to Implement Cloud Security That Actually Works: Lessons From the Front Lines

Related Perspectives

What to do about the impending shadow supply chain

Five common security mistakes that development teams make every day

Website security and the overlooked third-party supply chain risk

Briefs

Healthcare facing third-party script cyber risks

Investment round brings $27M for Tidelift

Numerous systems targeted by malicious Python package

‘Rhymes with PolarShins:’ Breach investigations linked to partners surged last year, thanks to one event

Remote work complicates insider-threat challenge, says ex-Bank of America CIO

CISA calls VMWare vulnerabilities ‘unacceptable risk’ in emergency order to feds

US-EU expand access to cybersecurity tools for small businesses

Alliance targets healthcare supply chain cybersecurity risk management in new guide

Healthcare vendor accused of ‘concealed’ ransomware, lengthy service outages

A majority of public sector agencies cite increased concern about third-party risk

Senate bill would team up CISA and HHS to improve health cybersecurity

Over 90% of organizations had a security incident linked to a third-party partner in last year

Lapsus$ group claims Okta supply chain attacks

Third-party risk

Related events

Client-Side Security: A Critical Component of 3rd Party Risk, Zero-Trust Initiatives, Compliance and More

Your Attack Surface Is Far More Than Just the Tip of the Iceberg

How to Implement Cloud Security That Actually Works: Lessons From the Front Lines

Related Perspectives

What to do about the impending shadow supply chain ￼

Five common security mistakes that development teams make every day￼

Website security and the overlooked third-party supply chain risk￼

Briefs

Healthcare facing third-party script cyber risks

Investment round brings $27M for Tidelift

Numerous systems targeted by malicious Python package

‘Rhymes with PolarShins:’ Breach investigations linked to partners surged last year, thanks to one event

Remote work complicates insider-threat challenge, says ex-Bank of America CIO

CISA calls VMWare vulnerabilities ‘unacceptable risk’ in emergency order to feds

US-EU expand access to cybersecurity tools for small businesses

Alliance targets healthcare supply chain cybersecurity risk management in new guide

Healthcare vendor accused of ‘concealed’ ransomware, lengthy service outages

A majority of public sector agencies cite increased concern about third-party risk

Senate bill would team up CISA and HHS to improve health cybersecurity

Over 90% of organizations had a security incident linked to a third-party partner in last year

Lapsus$ group claims Okta supply chain attacks

What to do about the impending shadow supply chain

Five common security mistakes that development teams make every day

Website security and the overlooked third-party supply chain risk