Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

TPRM & Remote Learning: Defending the Education Sector

The rise of remote learning has motivated cybercriminals to advance their assault on the education sector. In 2022, cybercriminals deployed more than 2200 attacks against higher education institutions every week, a 44% increase compared to 2021 (Check Point, 2022). Risk professionals attribute this increase to various factors, including the structure of remote learning environments.

University Vendor Management: Advanced Risk Assessment Techniques

Like most high-performing organizations, higher education institutions often utilize third-party vendors to outsource key services, such as data management and research initiatives. This reliance on third-party vendors can lead to various risks, including data privacy vulnerabilities, compliance issues, and operational disruptions. Therefore, universities must implement advanced vendor management processes to mitigate these risks.

Tackling Shadow IT Head-On: Strategies for Cybersecurity Leaders

As cybersecurity leaders, we're all too familiar with the challenges posed by Shadow IT—a persistent thorn in the side of IT and security teams worldwide. And when high-profile supply chain attacks make headlines, the urgency to understand our reliance on third parties becomes all too real.

Secure your code and protect your data flows with Riscosity and Semgrep

Semgrep is a leading static application security testing (SAST) tool powered by an open-source community for surfacing bugs, discovering vulnerabilities, and enforcing code standards. Semgrep has scanned over 75 million packages, contributed to 2000 community rules, and supports over 30 coding languages. Riscosity is the leading data flow observability and security platform. This is why we’re excited to announce Riscosity’s new integration with Semgrep.

Data-driven Strategies for Effective Application Risk Management in 2024

Insecure software is significantly impacting our world. In a recent statement, CISA Director Jen Easterly declared: “Features and speed to market have been prioritized against security, leaving our nation vulnerable to cyber invasion. That has to stop... We are at a critical juncture for our national security.”

SecurityScorecard 2024 Global Third-Party Cybersecurity Breach Report: Software supply chain is top target for ransomware groups

The SecurityScorecard Global Third-Party Breach Report uses the world’s largest proprietary risk and threat dataset to provide unique insights into the intricate web of supply chain vulnerabilities exploited by ransomware groups. As the digital landscape continues to evolve, so too do the tactics of cyber adversaries. Ransomware groups, in particular, have homed in on a prime target: the software supply chain.

Top 10 Digital Risk Protection Software Solutions

It’s no longer a question of ‘if’, but ‘when’ and ‘how’ cyber threats will target an organization. This reality demands a proactive approach to digital security. Recent data shows that over 85% of organizations have experienced a cyber attack, supporting this need for vigilance. These incidents range from data breaches to brand impersonation, each carrying significant risks to business integrity and continuity.

Steps to Creating a Statement of Applicability (SOA)

A Statement of Applicability (SOA) is a document you draft as part of achieving compliance with ISO 27001 and other ISO standards. The SOA reviews the internal controls you have decided to include in your information security management system (ISMS) and why you selected those controls. Writing a thoughtful, comprehensive SOA is crucial to your ISO 27001 compliance journey.