Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today, we're taking a big step toward making trust management even easier for our customers: Vanta has acquired Riskey, a company leading the way in real-time third-party risk monitoring. Their continuous vendor monitoring and alerting will soon be part of Vanta’s Vendor Risk Management product. ‍ Managing vendor risk is more important than ever.

As AI capabilities grow, organizations are adopting it for compliance monitoring, risk analysis, and data processing. However, increased use also introduces new risks, making strict regulation essential, especially in sectors where sensitive data is involved—like finance, insurance, and healthcare. Mishandling this information can lead to reputational damage, legal action, or hefty fines.

Security maturity means different things to different organizations, but the one constant is that it needs to be structured. By consistently assessing where you stand and where you need to go against a solid framework, you're able to take what seems like an impossible goal and break it down into achievable and actionable checkpoints that actually move the needle. ‍ The key to making this work isn't just having the right framework but making sure the right stakeholders are involved in the process.

HIPAA violations don’t always come from malicious attacks or headline-making data breaches. More often, they stem from everyday mistakes, like misdirected emails and vendors that aren’t as secure as they seem. Even small slip-ups can expose protected health information (PHI) and invite major consequences. ‍ In today’s complex compliance landscape, those mistakes are alarmingly common.

Audits are hard enough. Chasing down duplicate evidence across systems shouldn’t be part of the process. We’re excited to announce we’ve joined Fieldguide’s open ecosystem, the industry-leading AI-powered platform built for top global CPA firms and enterprise-focused audit providers. ‍ This integration is designed to reduce friction, eliminate redundant work, and help both companies and auditors complete reviews more efficiently with streamlined communications.

In 2010, the Australian Signals Directorate (ASD) developed a set of prioritised threat mitigation strategies to provide cybersecurity guidance to government agencies and organisations. Over time, eight of those strategies proved to be the most effective and were formalised into the Essential Eight (E8) framework, officially published in 2017.

Implementing Essential Eight (E8) is mandatory for in-scope organisations, such as government agencies, critical infrastructure providers, and other non-corporate Commonwealth entities (NCEs). ‍ Even if your organisation isn’t scoped by the framework, aligning with E8 is recommended because it outlines the baseline requirements for defending against cyber threats.