5 Enlightening Statistics About Third-Party Cyber Risk
Dec 2018
Carbon Black reports that half of todays attacks leverage “island hopping”, a method which attackers use third-party providers to infiltrate the target company. Bomgar reports that two third of security professionals believe that they have been possibly or definitely breached through a third party. Continuously Monitor Your ThirdParty Cyber Risk;
Your ecosystem multiplies your cyber risk and it is important to know how secure your vendors are. We can help. [email protected] PwC report shows that many organizations are at the beginner level on data governance and do not take key measures to prevent third-party data breaches.
Download White Paper
Are There Any Domains Impersonating Your Company For Phishing?
Nov 2018
Phishing domains are exploited to target not only employees but also customers. Even though companies cannot be directly held responsible for customers deceived by phishing scams, it is a loss of reputation when a company does not take necessary measures. Name-blending (look-alike) phishing domains often swapeasily-confused letters (“u” and “v” or “t” and “f”) and/orput additional characters in the domain (ex-ample.com forexample.com). These typo-squatting techniques are quiteefficient for attackers. Today, phishing domains even havevalid SSL or TLS certificates to lure their targets.
Download White Paper
NormShield Cyber Risk Rating
Oct 2018
There are different tools to assess cyber risk of your ecosystem that consists of your company’s third-party vendors. Why NormShield? Because, NormShield provides full and continuous visibility to your entire supply chain and you can save TIME & THOUSANDS.
Download White Paper
NormShield vs. Classical Solutions for Supply Chain Risk Management
Oct 2018
Old-school questionnaire methods to determine supply chain risk management and assess third party risk are usually ineffective and provide limited intelligence. NormShield Cyber Risk Scorecards improve management of supply chain risk management while saving time and money.
Download White Paper
Third-Party Risk in Regulations
Aug 2018
Many companies rely on regulations created by trustworthy organizations to check their cyber security measurements. Compliance to these regulations helps companies and organizations to improve their security posture and they present themselves as “secure”. Lack of compliance may impose very high penalties and reputation loss. Even though compliance-aware organizations meet well-known and regulated-by-law standards, they may still suffer penalties due to 3rd party vendors’ lack of compliance. Since 3rd party attacks (aka supply chain attacks) are on the rise recently, we examine the perspective of regulations (such as GDPR, NIST, ISO 27001, PCI DSS, HIPAA, and COBIT) on 3rd party cyber risk management.
Recent breach of TicketMaster(*) originated from a 3rd party supplier for their website have increased attention to 3rd party risk. Recently, we have heard similar stories about breaches because of 3rd parties such as vendors, subsidiaries, web hosting companies, law firm partners, firms in supply chain, etc.
Download White Paper
2018 Guide to Select 3rd Party Cyber-Risk Assessment Tool
Jun 2018
A recent survey conducted by Ponemon Institute reveals that 56% of companies have experienced a 3rd-party breach in 2017, which is an increase of 7% compared to previous year. Another survey conducted by Deloitte in 2016 was more depressive, reporting that 87% of organizations have experienced a disruptive incident with third-parties in the last 2-3 years. Another research in 2016, sourced by Soha Systems, reports that 63% of all breaches were related to third parties.
The findings in these studies confirm that third-party cyber risk assessment is a must. The goal of this paper is to provide a review on third-party cyber risk assessment/scoring tools that automatically gather and analyze open source data and provide a risk score/security rating.
Download White Paper
2018 3rd Party Cyber Risk Report
May 2018
Matt, CISO of a large company, comes to office on Friday. He is a very successful Chief of Information Security Office and he is very confident of capabilities of his team. They handle all vulnerabilities inside their own system, continuously scan and monitor their system, they use cutting-edge security tools such as firewalls, WAFs, IDS/IPS, and Data Leak Protection technologies.
The cyber security awareness of the employees is quite high and they do everything to avoid phishing-type attacks. The possibility that something goes wrong is very low. However, that Friday morning, when Matt looks at online news, he shockingly discovers that many of their client information is leaked.
Download White Paper
Is Your Money Safer in Cryptocurrency Exchange Markets than Banks?
April 2018
Crypto coins are the new mean of investment and shopping and their exchange volume increases exponentially. There are many exchange markets handles these investments.
However, the question of resiliency of these markets is on the rise with recent attacks. In 2014, one of the largest crypto coin exchange market, Mt. Gox which was handling 70% of all bitcoin transactions back then, was hacked and lost $473 million resulting its closure and most dramatic fells in BTC. In 2016, Bitfinex suffered due to a cyber attack resulted in 120,000 BTC (≈$72 million back then). In January 2018, as the biggest cryptocurrency hack, more than half billion dollars was stolen from Coincheck.
Download White Paper
2018 Cyber Security Risk Brief
April 2018
We analyzed more than 100,000 live assets from over 200 companies to find out which industries are at the head of the class, who needs to get their grades up, and the threats that everyone needs to address.
Trends and Insights from Cyber Risk Scorecard Key Data Points Includes detailed external security risk data from cyber risk scoring for: 5127 organizations across multiple industries. Over 1,000,000 active assets on the Internet, including web and network devices.
When DNS is compromised by a hacker, a user’s legitimate application request is redirected to a different network host, possibly with malicious intent…