Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Federal technology contractors hold the keys to our nation’s security in their networks, servers, and databases. Yet, recent incidents point to worrisome vulnerabilities that indicate increased cyber risk to defense contractors and the supply chain.
Cybersecurity is a priority for many organizations these days, but one sector of particular concern is healthcare.
Third-party vendors are an essential part of today’s business ecosystem. A study by Gartner finds that, in 2019, 60% of organizations work with more than 1,000 third parties and those networks are only expected to grow.
Companies must build a “trust and verify” strategy when it comes to managing third party risk. Requesting documentation about a supplier’s security performance is good – but how can you verify it? How can you continuously review performance?
On October 20th, 2019, authorities in India confirmed that one of its nuclear power plants had been hacked. The malware attack on the Kudankulam Nuclear Power Plant (KKNPP), first noticed on September 4th, has since been attributed to the North Korean state-sponsored threat group known as Lazarus.
Cyber risk and regulatory compliance are two sides of the same coin in the Financial Services sector. Together, they spur Financial Services companies to take action to protect customers, their business and the global financial ecosystem from malicious cyber attacks or the risk of critical system failures.
The evolution of the technology environment and related security threats is so fast-paced that it often seems businesses and regulators are playing an endless game of catch-up.
As retailers and consumers across the country begin gearing up for the 2019 holiday shopping season, hackers are also preparing for the days between Thanksgiving and Christmas. And all signs point to ransomware as their preferred method of attack.
The regulatory environment is evolving rapidly as national and international regulatory bodies attempt to keep pace with changing business models, technology infrastructure and continuously escalating cyberthreats.
2019 has been a year of high-profile attacks, and, as we predicted, it’s only getting worse. That’s certainly the case for Airbus.
An effective third party cyber risk management program both identifies potential threats and finds ways to mitigate them. Organizations should aspire to the highest possible standards when it comes to their security posture. To do so, they must leverage the best technology, efficiently allocate resources, and strive for continual improvement.
In his 2015 State of the Union Address, President Barack Obama mentioned the importance of improving America's cybersecurity and what he believes it will take to make it happen. Below is a review of the most interesting statements and initiatives mentioned in the address or recent media coverage, and the potential impact each could have on American Information Security.
Ever since the JPMorgan Chase breach was made public, companies have been watching closely to see the aftermath, the bank's course of action, and any best practices that may be developed as a result.
Questionnaires have been a key part of third-party risk management programs for decades. And, until recently, they were the primary way businesses checked up on the cybersecurity performance of their third-party vendors.
As more and more details surrounding the Target breach continue to unfold, it's becoming evident just how complicated it can be for investigators and journalists to follow the trail of evidence left behind. The latest reports suggest that one or more business partners were used by the attackers to gain access to Target's systems. Below is a summary of top stories that provide insight into the tangled web of third-party vendors and suppliers that may have left Target vulnerable to attack, highlighting just how essential it is for organizations to be aware of their third-party risks.