third party Tag

How Auditors Can Make Compliance Programs More Effective

When conducting an audit of your cybersecurity plans, it’s important to reassess risk and evaluate whether established policies and procedures are both effective and actionable. To aid in cyber compliance, CSO Online said the updated compliance guidelines issued by the Department of Justice, “has particular relevance to the cybersecurity practices of organizations when it comes to, for example, data breach and other security-related lawsuits.” Essentially, the document outlines how to assess, “whether a particular compliance program works in practice.” Toward that end, the guidelines pose three questions that every compliance...

Share Post
Broken Security Promises and the Big Threat from Smaller Partners

Broken Security Promises and the Big Threat from Smaller Partners

When two companies are directly connected to each other, they need to believe that the other is doing all it can to shore up its defenses. What happens, though, when the relationship between two companies is distinctively different and imbalanced because of size. Enterprises, while often the target of sophisticated actors, have a sizable IT and security budget that allows them to build defense in depth. That’s not always the case for small businesses, which leaves them vulnerable to cyberattacks.  The US Small Business Administration recently reported, “88% of small business...

Share Post

Human Fallibility: A Threat that Flows Through Your Entire Downline

Earlier this year Dark Reading published a six part series, “Cybersecurity and the Human Element: We’re All Fallible,” in which the authors examined common mistakes of end users as well as the potential repercussions of human error. All signs supported their claim that we are indeed all fallible. Human beings are vulnerable to exploitation, but security practitioners know this. Thus, it's not really human beings that are the problem. The greater threat is that when attackers are successful through this vector, malware can infiltrate the network and hide out completely...

Share Post
What’s Missing in Third-Party Risk Assessments

What’s Missing in Third-Party Risk Assessments

Assessments are important. You’d be hard pressed to find any cybersecurity professional who would argue they aren’t needed, but the problem with third-party risk assessments is that they are far from comprehensive. Understanding the hygiene and potential vulnerabilities of an organization is incredibly important. But it doesn’t reveal the full picture.  Point-in-time assessment of an organization is not enough because it doesn’t offer an exhaustive understanding of the risks. There are dynamic--and often undetected--problems specific to malware delivered by extremely sophisticated and versatile threat actors. These actors have the ability to...

Share Post

How Effective Are Your Security Investments?

According to the annual ESG survey, 60% of companies said they were targeted with a ransomware attack in 2019. Not surprisingly, those organizations are looking to augment their cybersecurity tools and processes. Defense in depth has long been touted as a reliable approach to securing the enterprise, and the strategy of adding layers has led to increased security spend. Notably, “62% of organizations will increase their security spending in 2020, continuing a multi-year boom in security technology investments,” the report said.  The Risks of Too Many Layers Spending more money on security...

Share Post