A survey revealed that only 34% of companies are confident that they can track vendor logins, while over 37% can track the vendors accessing their system—an indication that vendor security standards are fluctuating. What role does vendor risk tiering play in all that? Given that businesses interact with over 180 vendors a week, it is understandable that organisations may have …
Fourth-party risk management: What do you need to know?
As organisations rely more and more on third parties to complete certain operational activities, a business’s vendors often contract their own suppliers to provide specific services, creating an unprecedentedly large and fragmented supply chain. While you may not work directly with these fourth-party organisations, they play an integral role in your vendor security. Studies show that the number of supply …
The relevance of continuous attack surface management across the supply chain
While supply chain attacks have always undermined the stability and reliability of businesses, in the past few years, we’ve witnessed a disconcerting spike in these incidents, creating a greater level of disruption than previously anticipated. This has been confirmed in a recent study by the European Union Cybersecurity Agency, which revealed that the number of attacks on the supply chain …
Vendor due diligence best practices we can expect to see in 2022
Throughout 2020 and 2021, we saw threats to cybersecurity increase by a significant margin. This led to disastrous cyberattacks all across the world, such as the SolarWinds attack, which undermined company profitability and credibility. Social engineering attacks proved to be particularly devastating, with multiple reports revealing that ransomware and phishing attacks were particularly successful in this timeframe. In 2022, we …
How has supplier due diligence responded to modern threats to supply chain
On 2nd July 2021, Kaseya found their data stolen and held for ransom. Those who perpetrated the ransomware attack demanded over $70 million in payment to release the data, but the exposure of over 1500 of their clients to a potential ransomware attack was even more concerning for Kaseya. An investigation into the attack revealed that there was a vulnerability …
The security trends transforming vendor risk management
Third-party data breaches continue to grow at an alarming rate. A survey conducted by SecureLink and the Ponemon Institute revealed that over 44% of organisations suffered a third-party breach in the past 12 months. Out of the organisations that suffered a breach, 74% said that the cause was access given to third parties. The growing incidences of third-party breaches explain …
Third-party vendor management best practices for your security posture
Businesses today are no longer singular entities that operate in silos; regardless of the size and scale of operations, almost every organisation depends on various third parties to carry out their activities without disruption. This also means the importance of third-party vendor management has increased. To really benefit from outsourcing or specialisation, procurement teams have had to transfer a …
How to ensure vendor security in a hybrid working environment
The pandemic has seen our lives shift from the office to home, bringing new nightmares for IT security heads. The work-from-home culture has created new challenges for businesses as they see their attack surface expand and their cybersecurity needs intensify. How do you ensure your vendor security in a hybrid working environment is still intact? According to the World Economic Forum’s Global Risk Report, in 2020, cybercrime …
The role of CISOs in mitigating supply chain cyber risk
RiskXchange is a respected provider of cybersecurity ratings and can fully assess potential threats to ensure businesses are protected on all fronts. CISOs (Chief Information Security Officers) are crucial when it comes to mitigating supply chain cyber risk in any medium to large-sized organisation. The infamous 2020 SolarWinds attack underlined the need for CISOs to adopt tighter security measures within corporations right …