Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2022

What is a Vulnerability?

In cybersecurity, a vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system. After exploiting a vulnerability, a cyberattack can run malicious code, install malware and even steal sensitive data. Vulnerabilities can be exploited by a variety of methods including SQL injection, buffer overflows, cross-site scripting (XSS) and open-source exploit kits that look for known vulnerabilities and security weaknesses in web applications.

How to Implement a Vendor Risk Management Program

In a threat landscape where organizations outsource vital business processes that leave data security in the hands of third-party information technology, vendor risk management is increasingly important. A 2022 KPMG study found that 73% of survey respondents experienced at least one significant disruption caused by a third party over the past three years.

Top 7 SaaS Security Risks and How to Fix Them

Modern organizations are increasing cloud adoption to reap the operational benefits of outsourcing critical business functions. A 2021 study found that 90% of surveyed organizations now use cloud computing, such as software-as-a-service (SaaS) services. SaaS solutions help organizations achieve vital objectives, such as cost reductions and faster time-to-market. However, like all other digital transformation products, they also introduce cybersecurity risks.

Top 10 Best Practices to Prevent Ransomware Attacks in 2022

As the world of technology grows, so should the cybersecurity practices that protect them. Having a ransomware defense strategy should be a priority for any individual or company. Without it, poorly protected users and organizations can put themselves at risk of losing important and confidential information. A report from Cybersecurity Ventures estimates that there was one ransomware attack every 11 seconds in 2021, resulting in almost $20 billion in damages.

Top 3 Vendor Risk Assessment Frustrations - Can You Relate?

The vendor risk management process is now an essential requirement of all cybersecurity programs. Without it, you're a sitting duck for supply chain attacks and third-party data breaches. In recognition of this, regulatory bodies are increasing their third-party risk compliance requirements and enforcing obedience by threatening heavy financial penalties for non-compliance.

What the Heck is Spring4Shell? The 2min Explanation We All Need

As the digital world continues to rebuild after the Log4j hurricane, the threat landscape is once again disturbed by the rumbling of an approaching zero-day storm. After barely recovering from a zero-day dubbed as the worst hack ever encountered, concerns are understandably heightened, and as a result, there are many misconceptions about the severity of Spring4Shell.

Meeting PCI DSS Third-Party Risk Requirements

Organizations must enact effective third-party risk management (TPRM) programs to ensure their vendors fulfill cybersecurity requirements. Otherwise, they risk carrying the financial and reputational harm caused by customer data breaches. The PCI DSS standard covers aspects of third-party risk management as it's applicable to all organizations that process credit card data, especially the heavily regulated finance industry.

SLACIP: How to Comply with the SOCI ACT Reforms

On March 31, 2022, the Security Legislation Amendment Critical Infrastructure Protection Act 2022, also known as SLACIP, was passed by the Australian Parliament. The SLACIP Act aims to build upon the SOCI Act framework to improve the security of Australia’s critical infrastructures. To learn how the SOCI Act reforms will affect you and for guidance on how to comply with its new risk management requirements, read on.

Ransomware Attacks Vs. Data Breaches: What's the Difference?

Ransomware attacks and data breaches seem to be continuously contending for the top positions in news feeds. But what's the difference between these cyber threats and which should you be most concerned about? For a comprehensive breakdown of each type of cyberattack, read on.

How to Meet the Third-party Risk Requirements of NIST CSF

The National Institute of Standards and Technology (NIST) has issued special publications focused on improving Third-Party Risk Management (TPRM) and Supply Chain Risk Management (SCRM). The NIST Cyber Security Framework (NIST CSF) special publication has become a popular option for its unique applicability to all industries with critical infrastructures. NIST CSF isn’t a light read.

How to Meet Third-party Risk Requirements of NIST 800-161

The National Institute of Standards and Technology (NIST) has produced several publications addressing the different components of information technology security within the NIST 800 computer security series. Compliance across this entire NIST 800 series is expected for all internal and external service providers of government entities - such as the DoD federal agencies.

The Biggest Security Risks in Your Supply Chain in 2022

The SolarWinds supply chain attack highlighted how vulnerable supply chains are to cyberattacks. Supply chain risk mitigation has since become an essential component of risk management strategies and information security programs. To support the success of this effort, we’ve listed the top 4 supply chain security risks you need to be aware of in 2022.