Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Across today’s interconnected business landscape, organizations are increasing their reliance on third-party vendors and service providers to streamline operations, reduce costs, and access specialized services and expertise. This increased dependency on third parties introduces significant organizational risks, including data privacy violations, operational disruptions, reputational damage, supply chain attacks, and devastating data breaches.

With third-data breaches and their subsequent financial impacts on the rise, Third-Party Risk Management is becoming a non-negotiable inclusion in an organization’s cybersecurity strategy. For those new to this risk management area, this post outlines a high-level framework for applying TPRM principles to a third-party risk context. Learn how UpGuard streamlines Vendor Risk Management >

New insight into ransomware attacks show that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack. According to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, 91% of reported ransomware attacks included a data exfiltration effort. This is far more than the sub-80% numbers we’ve seen from the Coveware quarterly reports we cover.

Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials and government recommendations to prove it. Social engineering, especially as enabled by email, text messages, the web and phone calls, is involved in the vast majority of cybersecurity attacks. No other root initial access hacking method comes close.

This month's product updates and enhancements rollup include Issue Auto-Remediation, eTMF – optional artifacts and automatic milestones, and importing credentials from the desktop app for Microsoft Co-editing. Below is a summary of these and other new releases. Visit the articles linked below for more details.

dYdX is a leading decentralized finance protocol that focuses on perpetual derivatives trading. dYdX focuses on investment tools like perpetual futures (a type of derivative that allows traders to speculate on the price of a crypto asset without owning it). The dYdX Chain distributes 100% of protocol fees to DYDX Stakers for bolstering the dYdX Chain’s security. Fireblocks offers secure and efficient access to dYdX’s decentralized exchange features.

Attending industry events is quite possibly one of the most important requirements of running a successful managed service provider (MSP) business. Why? On the one hand, a few days away from the day-to-day grind of running your MSP to instead network with your peers and enjoy some MSP swag seems like the perfect opportunity to unwind while staying connected. On the other (equally as important!) hand is all the great learning going on.

Note: This vulnerability remains under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical zero-day vulnerability, being tracked as CVE-2024-24919, has been discovered and patched in a number of Check Point products. This vulnerability has a CVSS score of 8.6 assigned by Check Point and is actively being exploited in the wild with proof of concept (POC) exploits available.

One of the biggest SIEM management problems SOC teams face is that they are often overwhelmed by false positives, leading to analyst fatigue and visibility gaps. In addition to that, one of the toughest challenges in security is detecting when SaaS access tokens are compromised without adding to the false positive problem. At Elastic, the InfoSec team tackles both of these issues by automating SIEM alert investigations with tools like Tines.