Creating A Successful Third Party Risk Management Program

As digital transformation picks up pace, companies are working with more vendors than ever. According to Gartner, 60% of organizations now work with more than 1,000 third-party vendors — including partners, sub-contractors, and suppliers. These third parties are essential to helping businesses grow and stay competitive, but third parties can also introduce unwanted cyber risk and overhead into the organization.

What is an incident response plan (IRP) and how effective is your incident response posture?

As everyone looks about, sirens begin to sound, creating a sense of urgency; they only have a split second to determine what to do next. The announcer repeats himself over the loudspeaker in short bursts... This is not a drill; report to your individual formations and proceed to the allocated zone by following the numbers on your squad leader's red cap. I take a breather and contemplate whether this is an evacuation. What underlying danger is entering our daily activities? 1…2….3….

What is the difference between traditional antivirus and EDR?

The multiplicity of devices and the need to access network resources from anywhere has blurred the traditional security perimeter and extended it beyond the office, making endpoint security an essential pillar of a company's cybersecurity strategy. Both antivirus (AV) and endpoint detection and response (EDR) solutions are designed to secure devices. However, these solutions provide very different levels of protection.

Why SOC 2 is an Industry Standard

SOC 2 (Service Organization Control 2) provides a framework for assessing and reporting on the security, availability, processing integrity, confidentiality, and privacy of systems and data of service organizations. It was developed by the American Institute of Certified Public Accountants (AICPA) to address the need for consistent and comprehensive security and privacy controls in service organizations.

CVE-2022-31199: Truebot Malware Campaign Actively Exploiting Netwrix Auditor RCE Vulnerability

On the 6th of July 2023, a joint advisory was published by CISA, the FBI, and CCCS (Canadian Center for Cyber Security) warning of a malware campaign actively exploiting a Remote Code Execution (RCE) vulnerability in Netwrix Auditor (CVE-2022-31199) for initial access.

USAA Insurance Suffered a Serious Breach Exposing Thousands

USAA Auto Insurance is one of the leading insurance companies in the country today and is known for offering reliable coverage to many people in the country. The organization was founded in 1922 with a group of Army officers and has since expanded dramatically. The organization serves millions of individuals and has detailed information for so many customers that it's a real risk that the company recently went through a data breach.

Concerned About Sensitive Data Loss? Opti9 to the Rescue

A strong misconception abounds that managed providers are impervious to data loss. The truth, however, is that accidents can happen at any time, to any business. Finding a provider that takes data backup and protection seriously, therefore, is critical to the well-being of your business. Opti9—a leading provider of managed cloud solutions—is one company that is addressing this problem head-on.

Weekly Cybersecurity Recap July 7

It has been another significant week for data breaches in the United States. TSMC, the largest semiconductor company in the world, was hit by an attack that will impact major companies like Apple and others, and so were a huge number of insurance companies. Jackson NAtional, Talcott Resolution, and USAA were all victims of data breaches. So was UCLA, the massive public university.