Over the past year, news outlets have been buzzing about Facebook, now called “Meta”, collecting vast amounts of data from healthcare organizations and tax return companies. Some of these companies are announcing breaches as a result of this data collection. Why are Companies Sending Sensitive Data to Facebook? Let’s be clear – companies are not […]
If the SolarWinds hack taught us anything, it’s that the security of a company’s infrastructure is dependent on the resilience of its vendors. A breached vendor is a trojan horse that bypasses normal defenses and accesses the trusted areas of the network. Threat actors have cunningly discovered that a trusted vendor is often the easier […]
Vendor Risk Management Accuracy is all that Matters! Are Vendors Secure? If you ask any company if they are secure, most would say “Yes, of course we are!” This is especially true of vendors. No vendor ever says, “No, we’re not secure, but trust us with your data.” Most vendors are not being dishonest, but […]
Vendor Risk Management Accuracy is all that Matters! Many organizations utilize spreadsheets to measure their internal security posture and vendor risk. We get it – spreadsheets are simple, convenient, and come with the office suite that you have on your computer. Unfortunately, they do not scale and get out of hand quickly. Let’s look […]
Vendor risk management is an incredibly complicated process. While some methods are much more efficient than others, there is no consensus on how organizations can accurately manage vendor risk. Every organization has a different maturity level in its third-party risk management program. We generally see that organizations measure vendor risk at five different levels, each […]
Introduction Imagine building a strong, stable fortress around your most important assets. All of your focus is on stopping the intruder that will directly target your organization. However, there is an indirect way to breach the gates – through your third parties. Your organization relies on third parties (vendors) for necessary services and you have […]