As organizations and businesses undergo digital transformations, so do criminals and other nefarious actors. In today’s modern era, criminal activity frequently occurs online through digital communication channels, providing avenues for phishing, data loss, and security breaches.

Smart homes, connected cars, and smart watches: these are examples of consumer-focused devices in the Internet of Things (IoT). But the Internet of Things extends beyond consumer use as new technologies are implemented in industrial settings and critical infrastructure. With the continuing development of the Internet of Things come new attack surfaces and cybersecurity risk directly related to the IoT.

A vendor risk assessment is a critical element of performing due diligence, helping you vet potential vendors effectively and efficiently during the procurement process and throughout the vendor lifecycle. A thorough risk assessment should help you identify, mitigate, and manage the risks associated with your vendors to ensure you remain compliant, maintain a strong security posture, and avoid a costly third-party data breach.

The United States Department of Veterans Affairs (VA) is a federal agency that provides comprehensive healthcare services, benefits, and support to military veterans and their families. The VA operates a nationwide system of hospitals, clinics, and benefits offices focused on ensuring the health, welfare, and dignity of those who served in the United States armed forces.

The telecommunications sector provides critical infrastructure for many countries, enabling the exchange of information across various industries. Due to the widespread use of digital information in telecommunications, the sector has become a prime target for cyber threats from hackers, state actors, and cyber criminals. In 2023, telecommunications experienced higher credential stuffing rates than other sections, according to F5.

Despite best efforts to accommodate third-party risk management (TPRM) processes that correspond with increased use of third-party vendors, incident outcomes seem to grow as well. The 2023 global average cost of a data breach was USD $4.45M, a 2.3% year over year increase. In the United States, the average cost of a breach is higher at USD $9.48M.

The rise of remote learning has motivated cybercriminals to advance their assault on the education sector. In 2022, cybercriminals deployed more than 2200 attacks against higher education institutions every week, a 44% increase compared to 2021 (Check Point, 2022). Risk professionals attribute this increase to various factors, including the structure of remote learning environments.

Like most high-performing organizations, higher education institutions often utilize third-party vendors to outsource key services, such as data management and research initiatives. This reliance on third-party vendors can lead to various risks, including data privacy vulnerabilities, compliance issues, and operational disruptions. Therefore, universities must implement advanced vendor management processes to mitigate these risks.

Considered the "brain" of industrial automation, programmable logic controllers (PLCs) are an important factor in industrial control systems (ICS), especially for critical infrastructure in the public sector. PLCs are an industrial computer used to control automated devices in a variety of industries, including industrial manufacturing and critical infrastructure. This article offers suggestions for PLC security risks, as well as cybersecurity standards for risk mitigation.

ConnectWise urges organizations using an on-premises installation of the ScreenConnect remote monitoring and management software (formerly known as ConnectWise Control) to update servers to version 23.9.8 immediately due to a critical remote code execution vulnerability. The ScreenConnect remote desktop product is at risk due to a pair of vulnerabilities: CVE-2024-1709 and CVE-2024-1708.