NormShield Blog

Monitoring third-parties continuously: A NIST Perspective

NIST released two industry standards to drive security requirements around supply-chain (a.k.a. third-party) management. Here’s an overview of the NIST guidelines regarding continuous third-party risk monitoring. NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations sets out guidelines and controls for protecting the government’s sensitive information as well as citizens’ […]

Major Third-Party Data Breaches Revealed in January 2020

A recent survey conducted by the Ponemon Institute reveals that 53% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate. Data breaches caused by third parties cost large companies millions of dollars and are devastating to small businesses. Third parties are those companies […]

Third-Party Leaks Birth Certificates: Over 750,000 records exposed

Around 750,000 birth certificate applications of U.S. citizens were leaked, according to a TechCrunch report. The applications were discovered to be publicly accessible on an AWS cloud platform, with no protection at all. The applications included highly sensitive and personal data including name, date of birth, current home address, email and phone number. On top […]

5 Takeaways from 2019 Third-Party Breaches

2019 has been an instructive year for data breaches caused by a third party. With an onslaught of regulations all around the globe, such as HIPAA, GDPR, and now CCPA coming into effect, data breaches and the enforcement actions that followed dominated cybersecurity headlines. Here is a recap of third-party caused data breaches that hit the news […]

Cyber Nightmares of 2019: The Breach, The Fine and The Reputation

2019 has been a year of massive cyber incidents. Not only have attackers evolved their techniques, pushing the limits of AI, but they also started to leverage the highest RoI based on the lessons learned from 2018. With millions of records exposed, including personal health information (PHI) and financial data, accounts breached and reputations damaged, […]

Top Ten Data Breaches Caused by a Third Party in the Last Decade

Many large organizations and enterprises have been heavily investing in cybersecurity since the beginning of the digital era. Adversaries have also improved their attack methodologies to infiltrate the systems of their target organization. In the last decade, we have seen that companies experienced a cyber incident or a data breach due to a vulnerability or […]

Major Third-Party Data Breaches Revealed in December 2019

A recent survey conducted by the Ponemon Institute reveals that 59% of companies have experienced a third-party breach in 2018 and 2019, which is an increase of 3% compared to the previous year. Data breaches caused by third parties cost large companies millions of dollars and are devastating to small businesses. Third parties are those companies […]

What exactly does the term RISK mean to you?

I attended a virtual conference recently that was focused on Third Party Risk. During the conference, participants talked about Risk, Continuous Monitoring and Assessment Management. Without fail the word “risk” came up numerous times and in multiple contexts. Inherent risk, residual risk, tiering methodologies, cyber security and third party risk. Mitigation of risk was a common […]

Pentest vs. Security Rating Services

The Security Rating services allow you to measure your organization’s (or the organizations’ that you work with) data-based cybersecurity performance. For instance, Normshield provides a cyber risk score that shows you what you look like in cyber space from outside, simply by accessing your assets in the digital world, allowing you to access vulnerabilities and […]

Another Bucket Leak: Third-Party PR Firm Serving Top-Name Brands Exposed Customers’ Data

IPR, a PR company that provides CM software as well as marketing services to top-name brands, exposed customers’ sensitive data through a publicly-accessible Amazon S3 bucket database, according to a recent news report(*). Among the sensitive information leaked through the bucket, there were details of 477,000 clients’ media contacts, business account information, 35,000 hashed user […]