Supply chain security has been a top concern for risk management leaders ever since the high-profile attacks to SolarWinds and Log4j took place. While there's no one-size-fits-all way to identify, assess, and manage cyber risks in the supply chain, MITRE's System of Trust Framework offers a comprehensive, consistent, and repeatable methodology for evaluating suppliers, supplies, and service providers alike.

Digital infrastructure is the foundation of a modern, connected organization. It encompasses connectivity, cloud, compute, security, storage, applications, databases, IoT, remote networks, and more. Once housed on premises, this infrastructure now extends across regions, offices, work-from-anywhere environments—and across the third-party providers who make digital transformation possible. Securing this digital infrastructure is a growing challenge.

The other week, Bitsight released a piece of high-profile research alerting the public to a high-severity vulnerability potentially allowing attackers to launch one of the most powerful Denial-of-Service (DoS) attacks in history. Here’s a summary of what happened and why it matters: Security leaders are asking “now what?” and Bitsight has answers.

Market pressures and growth opportunities are accelerating digital transformation. According to Gartner, 89 percent of board directors say digital is embedded in all business growth strategies. Meanwhile 99 percent say that digital transformation has had a positive impact on profitability and performance (KPMG). The cloud, connected IoT devices, and remote work capabilities are the cornerstones of digital transformation.

When a hacker breaches a network or system, data exfiltration often follows. But what is data exfiltration and how can you prevent it?

Third-party vendors are a vital part of your business ecosystem. But if you’re not careful, these companies can introduce cyber risk. The SolarWinds supply chain hack is a notable example of the jeopardy that even the most trusted partnerships can yield. But with so many moving parts, creating a supplier risk management plan – and executing on it – can be a challenging and arduous task. According to Gartner, 60% of organizations work with more than 1,000 third-party vendors.

Your organization’s cybersecurity ecosystem is complex. It covers a wide range of internal digital assets but also extends beyond the network perimeter to other entities, such as vendors, suppliers, and cloud service providers—making you increasingly vulnerable to cyber risk. To secure this ecosystem, you need both an outside-in and inside-out perspective of vulnerabilities and risks.

Just as your organization thinks it is prepared, new cyber threats appear. In March 2023, the European Union Agency for Cybersecurity (ENISA) published its list of the 10 top cybersecurity threats to emerge by 2030.

SOC 2 reports evaluate internal controls to see how well a company identifies, assesses, mitigates, and monitors risks. In the context of third-party risk management (TPRM), a SOC 2 can give you confidence that your critical vendors are following best practices to protect your data. If you’re getting started with SOC 2 for third-party risk management or need an update, this blog has got you covered.

Cyber attacks aren’t just on the rise; they are skyrocketing. Incidents of ransomware alone nearly doubled last year. A new study by CrowdStrike finds that ransomware-related data leaks increased by 82% in 2021. Furthermore, ransom demands now average $6.1 million per incident, a 36% increase from 2020. Clearly, reacting to and remediating security threats when they arise is not going to cut it anymore.