Proactively mitigate third-party risks with vendor engagement and issue response strategies Lapsus$, a criminal hacking group, has breached multiple third-party software services over the past few months. The first identified attack occurred in January 2022 at Okta, followed by a subsequent attack at Globant. These large-scale providers of IT applications serve the likes of Cloudflare, Peloton and Chipotle. In…
LEARN MORELast year, cyberattacks on third-party vendors cost organisations in various industries billions of dollars. From major banks to healthcare to governments, no one is immune. But throwing more budget at the problem is not the solution. BlueVoyant’s recent survey of 1,200 global security executives across industries revealed that despite more focus and budget going to…
LEARN MOREThe global epidemic, geo-political tensions and continuous data breaches such as SolarWinds and NotPetya have highlighted the importance of maintaining smooth supply chain operations. This is coupled with increasing regulatory pressure being placed on demonstrable risk assurance efforts, including the impending PRA Operational Resilience requirements and EU’s DORA Act. How can we address these challenges…
LEARN MOREThird-party risk management (TPRM) is a common thread that spans security, privacy, ethics, and ESG. However, these teams and leaders often do not collaborate to achieve a shared mission: reduce third-party risk. As the requirements for each individual risk domain increase, it’s not enough to have a tunnel-vision strategy to track and address vendor risks….
LEARN MOREBlack Kite, the leader in third-party cyber risk intelligence, has been recognised as a Customers’ Choice in the latest Gartner Peer Insights™ ‘Voice of the Customer’: IT Vendor Risk Management’ report. Based on end-user feedback (32 reviews as of Nov ‘21), 100% of the customers that reviewed Black Kite would recommend the platform to their peers,…
LEARN MOREThe clock’s ticking! If you’re a financial services institution regulated by the Prudential Regulatory Authority, any third-party outsourcing agreements you enter into after 31 March 2022 — that’s less than two months away — will have to comply with their new outsourcing and third-party risk management guidelines. And you’ll have to revise agreements you already have…
LEARN MOREThe increased reliance on third-party vendors for businesses to advance digital transformation has never been more important than now. However, the swift adoption and complex vendor relationships can leave gaps in how organizations properly vet and track their third parties that are both comprehensive and efficient. These gaps can increase your exposure to risk and…
LEARN MOREAs we head into 2022, a spate of fourth-quarter announcements have given us a good window in terms of what to expect in the new year and beyond for climate metrics and reporting requirements. Three points in particular are important to highlight for third party risk management: Newly updated Task Force on Climate-related Financial Disclosures…
LEARN MOREAnyone involved in the cyber protection of businesses knows that worrying about future trends must be balanced against tackling what is already here. When the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other global agencies jointly published a list of the most commonly exploited vulnerabilities last year, the striking feature was how old these…
LEARN MOREPrivacy is celebrated globally each year on January 28th to commemorate the signing of the first legally binding international treaty dealing with privacy and data protection. This year, companies across the globe are participating in a full week-long initiative to drive a campaign for Data Privacy Week that respects privacy, safeguards data, and enables trust. Data…
LEARN MORE