A survey revealed that only 34% of companies are confident that they can track vendor logins, while over 37% can track the vendors accessing their system—an indication that vendor security standards are fluctuating. What role does vendor risk tiering play in all that? Given that businesses interact with over 180 vendors a week, it is understandable that organisations may have …
Fourth-party risk management: What do you need to know?
As organisations rely more and more on third parties to complete certain operational activities, a business's vendors often contract their own suppliers to provide specific services, creating an unprecedentedly large, more fragmented supply chain. While you may not work directly with these fourth-party organisations, they play an integral role in your vendor security. Studies show that the number of supply …
Reduce cyber exposure of your company in a digital ecosystem
RiskXchange uses data-driven insights to prevent breaches and reduce the attack surface. Cyber exposure – the vulnerabilities created when we use computers or network technology – grows and expands over time. It’s not static. And as the number of cyberattacks increases, it has never been more important to stay on top of your organisation’s cybersecurity posture. According …
Social engineering attacks: What is a whaling attack?
In 2016, FACC CEO Walter Stephan fell victim to a whaling attack where fraudsters used his credentials to authorise a substantial cash transfer that cost the corporation over $56 million. In the same year, a prominent Seagate executive suffered a similar data breach, exposing employees’ W-2 forms. Over 10,000 current and former Seagate workers had sensitive information, such as their …
PrintNightmare: Understanding the Windows Print Spooler vulnerability
RiskXchange provides full visibility over your ecosystem’s entire attack surface in near real-time to avoid vulnerabilities like PrintNightmare. Researchers at Sangfor Technologies recently published, by accident, a proof-of-concept (PoC) exploit for a new and unpatched vulnerability affecting the Print Spooler service on newer versions of Windows. Although the PoC was deleted soon after its publication, the damage was already widespread. The …
How can you protect your operations from a domain hijacking attack?
In 2014, the owner of the website domain MLA.com lost all their traffic and transactions overnight because their domain name was hijacked and all visitors were redirected to a fabricated website. In addition to lost traffic, they also lost all administrative access to the website—next to nothing could be done to resolve the issue. While the owner eventually recovered access, …
What should you cover during a cloud security audit?
RiskXchange generates objective and quantitative reporting on a company’s cyber security risk and performance for your cloud security audit. The 2021 Verizon Data Breach Investigations Report (DBIR) highlights that 73 percent of cyberattacks involved cloud assets during 2020, which is a dramatic increase from the 27 percent recorded in 2019. Not only does this show that cloud security incidents and …