Third Party Risk Management - Consultancy, Assessment & Advisory

TPRM Industry Insights - February 2020

Third Party Risk Management Articles and Reports

FBI warns about ongoing attacks against software supply chain companies

The FBI has sent a security alert to the US private sector about an ongoing hacking campaign that’s targeting supply chain software providers. The FBI says hackers are attempting to infect companies with the Kwampirs malware, a remote access trojan (RAT). ZDNet reports.

ElevenPaths Cybersecurity Report Outlines Cyber Risk Ratings by Sector

ElevenPaths, Telefonica’s Cybersecurity Unit, recently released a new report that summarizes the latest cybersecurity insights from the second half of 2019 — covering everything from relevant incidents and vulnerabilities to cyber risk ratings by sector. The information presented is mostly based on the collection and synthesis of internal data that has been contrasted with public information from high-quality sources, including BitSight Security Ratings. Read more.

Time to patch your lightbulb? Researchers demonstrate Philips Hue exploit

Researchers at Check Point have demonstrated how a vulnerability found in Philips Hue smart lightbulbs could allow intruders to infiltrate networks, highlighting the increasing risk from the prevalance of IoT devices in the home, office and workplace.

Read the full article.

2020 Perspectives on Regulatory Trends and Tools: TPRM to the Nth Degree

Shared Assessments Senior VP & CSO Brad Keller looks at the depth of operational impact new data privacy regulations will have on companies & their third parties. Read on…


You’re Only As Strong As Your Weakest Link

Third-Party breaches & cyber supply chain issues that caught our eye

Norwegian DPA imposes €120,000 fine on Municipality of Oslo.

The Norwegian DPA also imposed an administrative fine of €120,000 on the Municipality of Oslo, the Education Agency, as a result of poor security of processing in a mobile app. The app is used for communication between school employees, parents and pupils.
The fine was issued because the municipality had not implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The Municipality of Oslo did not appeal the decision.

Visit the European Data Protection Board notification website.

Investigation finds 400-plus councils let at least one third party track use of their sites

UK Councils are sharing information about users of their websites – including when they seek help with a benefit claim, or with a disability or alcoholism – with dozens of private companies. More than 400 local authorities allowed at least one third-party company to track individuals who visit their sites, an investigation has revealed.

The report highlights the risks to data privacy and data protection posed by Third-Party data collectors, ad servers and social plug-ins embedded in council websites.

Learn more.

Major Third-Party data breaches revealed in January 2020

NormShield Cybersecurity offers its run down of the major Third-Party data breaches and cyber hacks from across the globe over the last month.

Read on… if you dare


Learn more about how DVV Solutions Third Party risk managed services can help you achieve operational resilience and enhance oversight in your cyber supply chain.

Call today 0161 476 8700

or Submit a Contact Form