Third Party Risk Management - Consultancy, Assessment & Advisory

Third Party Risk Insights July 2020

This Month's Key Third Party Risk Management Articles & Reports

Most Companies Conduct Inherent Risk Assessments on Less Than 40% of Their Vendors

In DVV Solutions partner ProcessUnity’s guest blog, they reveal the outcomes and discussions from a recent IT GRC webinar with leading CISOs and Third Party risk executives. While any third-party risk management professional would be quick to say that they perform inherent risk assessments to determine the level of due diligence for a vendor, the survey revealed that two-thirds of companies are actually scoring less than half of their vendors. Read the Guest Blog.

Survey finds 1 in 2 companies unable to cope with remote work security risks

Half of infosec professionals in a recent Bitdefender study revealed that their organization doesn’t have a contingency plan in place, or didn’t know if they did, for a situation like COVID-19 or a similar scenario.

86% of respondents in our study, conducted by Sapio Research, admitted that attacks were on the rise during the pandemic, with phishing and whaling recording the biggest spike among the common attack vectors – a finding echoed in other recent studies. Read the full article.

Financial Crime Risks: What A Vendor Manager Must Know About Sanctions and Money Laundering

Shared Assessments’ Continuous Monitoring Working Group recently convened to examine the risks from financial crime that a vendor manager must understand. Ken Wolckenhauer, head of vendor due diligence and review for the New York branch of Finland-based Nordea Bank, led the discussion around this serious topic. Wolckenhauer’s insights from his career experiences illuminated key considerations to integrate into vendor risk assessments.

This blogpost describes what a vendor manager needs to know about sanctions and money laundering, offering resources for the management of this risk.

You’re Only As Strong As Your Weakest Link

Third-Party breaches & Cyber Supply Chain issues that caught our eye

Six to ten terabytes of sensitive internal information stolen from Citrix

According to a recent announcement from networking tech giant Citrix Systems, malicious hackers were inside its networks for five months between 2018 and 2019, stealing personal and financial data on workers, contractors, interns, job applicants and their dependents. Citrix admitted the intruders broke in by scraping weak passwords from employee accounts. The announcement came nearly a year after the breach. Read more.

Tech unicorn Dave admits to security breach impacting 7.5 million users

Digital banking app and tech unicorn Dave experienced a significant security breach after a hacker published the details of 7,516,625 users on a public forum. In an email to ZDNet, Dave said the security breach originated on the network of a former business partner, Waydev, an analytics platform used by engineering teams.

“As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorized access to certain user data at Dave.” Learn more.
