Security News

Despite the 49% of organizations in the report who said they are completing an initial risk assessment before granting access to third parties, these assessments are typically focused on the security controls the organization has in place or the organizational risk score. A third-party organization may pass a risk assessment and be in compliance one day, but an unexpected threat to business operations may push it out of compliance the next.

A third party could present a softer target, creating an opportunity for threat actors to move from that network to their primary target. A third party can actually become the primary target if it holds the sensitive data that threat actors want.

Cyber risk management solutions provider Brinqa this week announced that it received $110 million in growth capital from private equity firm Insight Partners. Bootstrapped and founder-backed since 2009, the company helps organizations gain a better view of cyber risk across their resources, through the seamless integration of security sources into a unified knowledge graph.

Fusion Risk Management announced it has appointed Clifford Chiu and Jeffery J. Weaver to its Board of Directors. "Fusion's ongoing mission is to help our clients remain resilient and deliver on their brand promises. We are thrilled to welcome two leaders of Clifford and Jeffery's caliber to our team as we continue to revolutionize the operational resilience sector," said Michael Campbell, Chief Executive Officer, Fusion.

COVID-19's disruption has stretched risk management infrastructures to the brink, forcing banks to recalibrate their data, models and processes for stress testing, impact assessments, scenario analyses and more. A global risk management survey by SAS and Longitude examines how banks are adapting their risk frameworks in response.

Mandiant Cyber Risk Management Services are designed to address critical business and security requirements to equip executives, boards of directors, and security and cross-functional leaders with risk-based data and advice to build effective and balanced security programs. "When developing a corporate security strategy and program, it is imperative to identify the areas and assets with the highest business value and those with the most significant threats and vulnerabilities. Mandiant Cyber Risk Management Services are designed to balance business and technical considerations and provide executives with risk-based decision support," said Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant Consulting.

According to a recent study conducted by Forrester Consulting, insider risk management is of greater concern now for 74% of companies than it was before the pandemic. The research explores how companies are currently treating insider risk management and the changes being adopted to pursue a more holistic approach to data risk management as part of zero trust strategies.

Fusion Risk Management announced that it has further strengthened its offerings to help financial institutions meet and exceed new Bank of England, PRA, and FCA regulatory requirements which take effect in early 2022, in addition to the recently formalized guidance shared by the Basel Committee. Fusion's collaborative ENGAGE customer community fosters a common understanding and best practices between those working toward greater operational resilience in financial services.

More concerning is that 44% of companies report not actively tracking supply chain risks, which were the primary pandemic-related third-party risk management impact. Because IT and security teams own third-party risk management in 50% of companies, and likely due to increasing numbers of damaging third-party data breaches, the study illustrates that cybersecurity risks are getting the most attention.

With increasing dependence on third parties in today's interconnected world, vendor security risk assessments are more essential than ever. Failing to do them may result in hefty regulatory fines, legal fees, lost business and reputational damage.