Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

upguard

The Vendor Tiering Series: Why Tier Your Vendors

Feb 24, 2026 By Revashni Moodley In UpGuard
The thing about blanket approaches is that they rarely work or scale. The same holds true for third-party cyber risk management. Treating every provider, stakeholder, or partner with the same intensity is neither productive nor cost-effective. While defaulting to treating every vendor at the same risk level is common, it is not a resilient security strategy.
Read Post
cato networks

Beyond Access: How Cato Measures and Manages User Risk in Real Time

Feb 23, 2026 By Dr. Guy Waizel In Cato Networks
On a quiet Tuesday morning, Jerry, a fictional system administrator, logged in as usual. While testing a new integration script, he visited a documentation page on an unfamiliar domain. It looked harmless and loaded without issue, but behind the scenes, Jerry’s laptop began making a series of small outbound requests to several low-reputation domains. None of these connections were malicious enough to be blocked, yet the pattern resembled early-stage domain-flux activity.
Read Post
cycognito

Permission to Ignore: Leveraging the CTEM Framework to Focus on Real Risk

Feb 19, 2026 By Amit Sheps In CyCognito
Security frameworks have always had a gap. They tell you to find vulnerabilities and fix them, but they’ve rarely provided a system to determine which ones actually matter before you tap into your most expensive resource: engineering time. CTEM changes the game by treating security as a continuous lifecycle rather than a series of silos.
Read Post
bitsight

Why Patching Cadence Should Be a Risk Priority in 2026

Feb 19, 2026 By Emma Stevens In BitSight
Patching cadence is a critical component of maintaining an organization’s cybersecurity posture. It refers not just to whether patches are applied, but how quickly and consistently vulnerabilities are addressed across systems and software. A regular, timely patching process reduces the window of exposure to known vulnerabilities, limiting opportunities for exploitation and strengthening overall vulnerability management.
Read Post
sedara

How Companies Can Protect Against Third-Party Risk in 2026

Feb 18, 2026 By Liz Sujka In Sedara
As organizations move deeper into cloud ecosystems, automation, AI integrations, and global supply chains, one truth becomes increasingly clear: In 2026, third-party risk is not just an IT concern. It is a business continuity concern, a regulatory concern, and in many industries, a board-level concern. From software vendors and cloud providers to managed services, payment processors, contractors, and niche business tools, every external connection introduces potential exposure.
Read Post
Arctic Wolf

Human Risk Management and Security Awareness Training

Feb 17, 2026 By Arctic Wolf In Arctic Wolf
A notable statistic continues to shape the cybersecurity research landscape: the human element remains involved in roughly 60% of all confirmed breaches. That’s according to the 2025 Verizon Data Breach Investigations Report (DBIR), which found that social engineering actions like phishing, pretexting, and credential misuse are consistently intertwined with today’s most common attack paths, even when they are not the first visible technical vector.
Read Post
riscosity

Trust in the age of AI for fintech auditors

Feb 17, 2026 By Anirban Banerjee In Riscosity
There is an old saying: Trust, but verify. For Third-Party Risk Management auditors in regulated financial institutions, that principle has never been more relevant. Vendor questionnaires, SOC 2 reports, and annual reassessments are no longer enough. Regulators are moving beyond paper-based oversight and toward operational proof. The new expectation is clear: Show where customer data is actually flowing. Prove that you control it.
Read Post
How Health Risk Assessments Drive Preventive Care and Lower Long-Term Costs?

How Health Risk Assessments Drive Preventive Care and Lower Long-Term Costs?

Feb 17, 2026 By SecuritySenses In SecuritySenses
Health Risk Assessments are increasingly used to support preventive care planning and population health management across healthcare systems.According to the CDC, chronic and mental health conditions account for the majority of U.S. healthcare spending, which exceeds $4 trillion annually.These assessments help identify risks earlier, when interventions are typically more effective and less resource-intensive.
Read Post
Vendor Risk Response: What Happens After a Vendor Risk Is Identified?

Vendor Risk Response: What Happens After a Vendor Risk Is Identified?

Feb 15, 2026 By SecuritySenses In SecuritySenses
In today's interconnected business environment, the relationship between organizations and their third-party vendors is crucial. However, it also introduces a range of risks. Vendor risk refers to the potential vulnerabilities or threats that arise from working with external suppliers, service providers, or partners. These risks can manifest in various forms, including data breaches, financial instability, operational disruptions, or non-compliance with regulations. Once a vendor risk is identified, it's essential to understand the steps that need to be taken to manage and mitigate that risk effectively.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.