Third-Party Risk in Regulations
Many companies rely on regulations created by trustworthy organizations to check their cyber security measures. Compliance with these regulations helps companies and organizations improve their security posture and present themselves as “secure”. Lack of compliance may impose very high penalties and reputation loss. Even though compliance-aware organizations meet well-known, legally mandated standards, they may still suffer penalties due to third-party vendors’ lack of compliance. Since third-party attacks (aka supply chain attacks) have been on the rise recently, we examine how regulations (such as GDPR, NIST, ISO 27001, PCI DSS, HIPAA, and COBIT) approach third-party cyber risk management.
The recent Ticketmaster breach(*), which originated from a third-party supplier for its website, has increased attention to third-party risk. Recently, we have heard similar stories about breaches caused by third parties such as vendors, subsidiaries, web hosting companies, law firm partners, firms in the supply chain, etc.
2018 Guide to Select 3rd Party Cyber-Risk Assessment Tool
A recent survey conducted by the Ponemon Institute reveals that 56% of companies experienced a third-party breach in 2017, an increase of 7% compared to the previous year. Another survey, conducted by Deloitte in 2016, was more discouraging, reporting that 87% of organizations had experienced a disruptive incident with third parties in the last 2-3 years. Another 2016 study, from Soha Systems, reports that 63% of all breaches were related to third parties.
The findings in these studies confirm that third-party cyber risk assessment is a must. The goal of this paper is to provide a review of third-party cyber risk assessment/scoring tools that automatically gather and analyze open source data and provide a risk score/security rating.
2018 3rd Party Cyber Risk Report
Matt, CISO of a large company, comes to the office on Friday. He is a very successful Chief Information Security Officer and is very confident in the capabilities of his team. They handle all vulnerabilities inside their own systems, continuously scan and monitor those systems, and use cutting-edge security tools such as firewalls, WAFs, IDS/IPS, and Data Leak Protection technologies.
The cyber security awareness of the employees is quite high, and they do everything they can to avoid phishing-type attacks. The possibility that something goes wrong is very low. However, that Friday morning, when Matt looks at the online news, he is shocked to discover that a large amount of their clients’ information has been leaked.
Is Your Money Safer in Cryptocurrency Exchange Markets than Banks?
Crypto coins are the new means of investment and shopping, and their exchange volume is increasing exponentially. Many exchange markets handle these investments.
However, the question of the resiliency of these markets is on the rise with recent attacks. In 2014, one of the largest crypto coin exchange markets, Mt. Gox, which was handling 70% of all bitcoin transactions at the time, was hacked and lost $473 million, resulting in its closure and one of the most dramatic falls in BTC. In 2016, Bitfinex suffered a cyber attack that resulted in the loss of 120,000 BTC (≈$72 million at the time). In January 2018, in the biggest cryptocurrency hack so far, more than half a billion dollars was stolen from Coincheck.
2018 Cyber Security Risk Brief
We analyzed more than 100,000 live assets from over 200 companies to find out which industries are at the head of the class, who needs to get their grades up, and the threats that everyone needs to address.
Trends and Insights from Cyber Risk Scorecard Key Data Points
Includes detailed external security risk data from cyber risk scoring for 5,127 organizations across multiple industries and over 1,000,000 active assets on the Internet, including web and network devices.
When DNS is compromised by a hacker, a user’s legitimate application request is redirected to a different network host, possibly with malicious intent…