The National Institute of Standards and Technology issued new guidelines to help software developers integrate software supply chain security into every phase of the software development life cycle as experts say organizations are seeking comprehensive guidance on how to accomplish federal mandates.
When a hospital or clinic is hit with a cyberattack, it often seems as if the electronic health record systems just can't win. Even if the EHR system is not the prime target of the attack, it's still frequently taken off line as the organization responds to the incident. What should entities do?
Bank of America is notifying more than 57,000 customers that their information, including Social Security numbers, was potentially compromised in a hacking incident last November at Atlanta, Georgia-based insurance software firm InfoSys McCamish. BoA says none of its systems were affected.
Beyond the hype, AI is transforming cybersecurity by automating threat detection, streamlining incident response and predicting attacker behaviors. Organizations are increasingly deploying AI to protect their data, stay ahead of cybercriminals and build more resilient security systems.
In this videocast interview, Theo Zafirakos, CISO, Terranova Security, provides expert analysis of the "Securing Your Third-Party Supply Chain in 2024 Survey" results, including a deep dive into the core conclusions, including the core detriments of poor visibility of cybersecurity awareness, and how to better...
This white paper covers the key TPRM metric your team needs to track its effectiveness over time, the processes for gathering these metrics and tips for building a business case for your program.
Third-party risk management (TPRM) teams often have to justify the cost of their programs to executive leadership,...
Vendors are a fact of the modern workplace, but they can bring serious security risk to your organization. To secure your organization, it is necessary to keep tabs on the risk posed by your suppliers, third parties and vendors. Thorough due diligence can significantly minimize the chance that your organization...
This white paper provides step-by-step instructions for maturing your third-party risk program by implementing cybersecurity risk management.
TPRM and cybersecurity are closely related: third parties are the greatest risk to cybersecurity, and cybersecurity is the most critical third-party risk domain. By mapping...
Welcome to the report summarizing the survey, "Securing Your
Third-Party Supply Chain Through Security Awareness."
In late fall 2023, Information Security Media Group partnered with Forta's Terranova Security and surveyed over 100
senior cybersecurity professionals to identify:
The top organizational challenges in...
The escalating adoption of generative AI has introduced concerns regarding data privacy, fake data and bias amplification. Ashley Casovan, managing director of the IAPP AI Governance Center, discusses the need to develop governance models and standardize AI systems.
Remote desktop application provider AnyDesk acknowledged that hackers recently had gained unauthorized access to the company's production systems in a cyberattack. The firm said it has revoked all security-related certificates as a precaution and is rolling out a new code-signing certificate.
A Texas-based physical and occupational therapy provider is notifying nearly 4 million patients that they have joined the soaring tally of victims of a data theft incident at a Nevada medical transcription vendor last year. The supply chain hack appears to have affected at least 14 million people.
Federal authorities are warning of attacks on healthcare sector firms that use ConnectWise's remote access tool ScreenConnect. Hackers compromised a locally hosted version of the tool used by a large national pharmacy supply chain and managed services provider in 2023.
Supply chain attacks and zero-day exploits surged in 2023, helping to set yet another record for data breaches tracked by the Identity Theft Resource Center. James E. Lee, COO of the group, explained why the number of compromises grew so dramatically - from 1,801 incidents in 2022 to 3,205 in 2023.
Onboarding, offboarding, ongoing assessments - there are many ways in which Generative AI can augment human oversight of third-party risk management. Ed Thomas of ProcessUnity shares real-world examples of how enterprises are deploying Gen AI to improve TPRM efficiency.