NormShield Blog

What is Your Risk-Based Approach to Third-Party Risk Management?

Knowing and understanding your third-party ecosystem and the risk that ecosystem could present to your company should be a critical process in your risk management, if it is not already. Breaches originating via third parties are increasing and becoming more impactful to corporate operations. In a recent study, The Ponemon Institute reported that […]

What is a Cyber EcoSystem and why does its security matter?

Continuing our series on third-party risk management (TPRM), this blog's topic is the cyber ecosystem and why its security matters in relation to third-party risk management. In our previous blogs we dove into the TPRM terminology, starting with the definitions of “third party”, “risk” and “cyber risk”. Whether it be ERM or TPRM, we […]

A CCPA Perspective into Third-Party Risk Management

Living in a data-driven economy has changed consumers’ lives in an unimaginable way, especially now that accessing and sharing data is a lot easier. Many companies use data-driven approaches to offer targeted services to consumers. On the consumer side, it is debatable whether these approaches are beneficial or detrimental in ways consumers […]

Major Third-Party Data Breaches Revealed in February 2020

A recent survey conducted by the Ponemon Institute reveals that 53% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate. Data breaches caused by third parties cost large companies millions of dollars and are devastating to small businesses. Third parties are those companies […]

What is “Cyber Risk” in Third-Party Risk Management?

Continuing our series on third-party risk management, this blog’s topic is cyber risk. In a digital world, organizations are exposed to a range of risks resulting from cyber events like phishing, data theft, ransomware, corporate espionage, etc. What’s more, these events might happen without the company’s knowledge. Within a company ecosystem, the effect of a […]

What is “Third Party” in Third-Party Risk Management?

Businesses rely on third parties to deliver a service or product to their customers. In a tightly linked digital world, third parties are indispensable and inherently risky elements of a digital ecosystem. Before going deep into the risks they pose to the business, we need to understand the definition and be able to identify the ones critical […]

Monitoring third parties continuously: A NIST Perspective

NIST released two industry standards to drive security requirements around supply-chain (a.k.a. third-party) management. Here’s an overview of the NIST guidelines regarding continuous third-party risk monitoring. NIST 800-53: NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations sets out guidelines and controls for protecting the government’s sensitive information as well as citizens’ […]

Major Third-Party Data Breaches Revealed in January 2020

A recent survey conducted by the Ponemon Institute reveals that 53% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate. Data breaches caused by third parties cost large companies millions of dollars and are devastating to small businesses. Third parties are those companies […]

Third-Party Leaks Birth Certificates: Over 750,000 records exposed

Around 750,000 birth certificate applications of U.S. citizens were leaked, according to a TechCrunch report. The applications were discovered to be publicly accessible on an AWS cloud platform, with no protection at all. The applications included highly sensitive and personal data including name, date of birth, current home address, email and phone number. On top […]

5 Takeaways from 2019 Third-Party Breaches

2019 has been an instructive year for data breaches caused by a third party. With an onslaught of regulations all around the globe, such as HIPAA, GDPR, and now CCPA coming into effect, data breaches and the enforcement actions that followed dominated cyber security headlines. Here is a recap of third-party-caused data breaches that hit the news […]