Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On November 20, the Idaho National Laboratory (INL) confirmed that it had suffered a data breach. The confirmation followed the SiegedSec threat actor group’s circulation of claims that it had “accessed hundreds of thousands of user, employee and citizen data” on social media and hacking forums.

The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has conducted further research into the indicators of compromise (IoCs) that SysAid shared when disclosing a new vulnerability in its on-premise software last month.

In the rapidly evolving digital landscape, the importance of a well-constructed cybersecurity plan cannot be overstated. However, the effectiveness of any cybersecurity strategy significantly depends on how well it integrates threat intelligence. Threat intelligence involves understanding, analyzing, and using knowledge about existing and potential cyber threats to make informed security decisions.

Do you know what percentage of your vendors are at higher risk of ransomware attack? Can you drill-in to see exactly who? Or more importantly, why? Or how effective your vendor program has been in reducing risk to the business over the last 12 months? In the ever-connected world of partners and suppliers, vendors and even more vendors, the line between ‘their risk’ and ‘your risk’ disappeared. And what security and compliance teams need more of is not more data, but insights.

On November 25, the U.S. municipal water authority in Aliquippa, Pennsylvania confirmed that one of its booster stations had suffered an attack by a threat actor group that supports Iranian geopolitical interests. The attack by a cyber group known as CyberAv3ngers compromised a programmable logic controller (PLC) for a water pressure monitoring and regulation system. Officials, however, have made it clear that the incident did not threaten local drinking water or water supplies.

In today’s interconnected business environment, third-party partnerships are essential for growth and operational efficiency. However, these collaborations bring inherent risks, especially in the realm of cybersecurity. Effective third-party risk management is crucial for safeguarding sensitive data and maintaining business continuity.

In an era where businesses are increasingly reliant on third-party vendors for essential services, the significance of a resilient third-party risk management program cannot be overstated. Third-party partnerships can expose organizations to various risks, especially in the domain of cybersecurity. This guide aims to help businesses in building a robust third-party risk management program that is adaptable to the ever-evolving landscape of cyber threats and dynamic business needs.

The global marketplace faces an increasingly destructive cyber risk landscape each year, and 2024 is set to confirm this trend. The cost of data breaches alone is expected to reach $5 trillion, a growth of 11 percent from 2023. As technology advances, attackers continue to develop new, more sophisticated methods for infiltrating systems and exploiting vulnerabilities. ‍ Amongst cyber experts, it is now widely acknowledged that the question of an attack is not ‘if’ but ‘when.’

Modern business is synonymous with third-party relationships. Organizations now rely on external providers for critical services and outsource essential responsibilities to improve operational efficiency and cut costs. The benefits of third-party vendors are clear, but so are the risks. The average organization has expanded and digitized its supply chain over the last few years while simultaneously increasing its risk profile and subjecting itself to new levels of risk.

As companies use more tools and features, employee security risks grow too. While we all know email is a big target for attackers, it’s important to remember that email is not the only risk vector. Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviours to get a holistic view of your risks. By doing so, you can focus resources more efficiently. Human Risk Management (HRM) is a vital part of cyber security in the workplace.