Security News
To select a suitable third-party risk management solution for your business, you need to think about a variety of factors. Third-party risk managers should review the goods or services their business provides, how third parties support different functions of the business, what processes they're involved in and what data they touch.
IDnow announces its participation in the IDunion network, which aims to build an open ecosystem for decentralised identity management. IDnow has joined forces with other industry experts through IDunion to drive a shared vision of digital identities that is aligned with European values and regulations.
Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. The vendor has since rolled out fixes in recent releases for Sage X3 Version 9, Sage X3 HR & Payroll Version 9, Sage X3 Version 11, and Sage X3 Version 12 that were shipped in March.
Even with more businesses rolling out staff security awareness training programs to combat evolving cyber threats, over 90% of data breaches still stem from human error. Training courses are wrongly seen as a silver bullet: regular training is vital for helping employees strengthen their security behaviour, but computer-based courses are just one tool for tackling human cyber risk.
Bitglass announced it has achieved ISO/IEC 27001:2013 certification for its information security management system supporting the Bitglass CASB system. ISO/IEC 27001 is an information security management system standard published by the International Organization for Standardization and the International Electrotechnical Commission.
David Smith and Bernard Wilson, the US Secret Service agents quoted in the report appendix, also pointed to lack of identity management as an ingredient for data breaches in more companies: "Organizations that neglected to implement multi-factor authentication, along with virtual private networks, represented a significant percentage of victims targeted during the pandemic. The zero-trust model for access quickly became a fundamental security requirement rather than a future ideal." Zero trust starts with who you are authenticating and what they should have access to - otherwise called identity trust.
ACI Worldwide announced that its partnership with Swedbank has contributed to a 55 percent decrease in card fraud, helping to improve customer experience and business growth for the Swedish bank. The bank partnered with ACI to enhance its fraud platform with the help of ACI Fraud Management and has transitioned from a rules-based to a holistic fraud management approach - which now applies insights from machine learning and shared data in addition to rules - to exempt low-risk transactions from the SCA requirements.
A comprehensive third-party security program can align your vendor's security with your internal security controls and risk appetite. The right third-party security management platform can be a smart way to get your program off the ground or automate the one you already have in place.
In what's looking like a nasty supply-chain attack, IT management biz Kaseya's on-prem VSA product was abused to infect its customers and/or their customers with ransomware. Kaseya meanwhile initially estimated 40 of its own customers worldwide were infected.
Bitwarden announced a broader set of password management features for enterprises seeking to ensure password security at scale. Admin Password Reset, a new policy feature available to Bitwarden enterprise plan customers, provides designated administrators the ability to reset passwords on end-user accounts if an employee loses or forgets their Bitwarden password.