Third Party Risk Management - Consultancy, Assessment & Advisory
Third Party Risk Insights July 2020
This Month's Key Third Party Risk Management Articles & Reports
Most Companies Conduct Inherent Risk Assessments on Less Than 40% of Their Vendors
In DVV Solutions partner ProcessUnity’s guest blog, they reveal the outcomes and discussions from a recent IT GRC webinar with leading CISOs and Third Party risk executives. While any third-party risk management professional would be quick to say that they perform inherent risk assessments to determine the level of due diligence for a vendor, the survey revealed that two-thirds of companies are actually scoring less than half of their vendors. Read the Guest Blog.
Survey finds 1 in 2 companies unable to cope with remote work security risks
Half of infosec professionals in a recent Bitdefender study revealed that their organization doesn’t have a contingency plan in place, or didn’t know if they did, for a situation like COVID-19 or a similar scenario.
86% of respondents in the study, conducted by Sapio Research, admitted that attacks were on the rise during the pandemic, with phishing and whaling recording the biggest spike among the common attack vectors, a finding echoed in other recent studies. Read the full article.
Financial Crime Risks: What A Vendor Manager Must Know About Sanctions and Money Laundering
Shared Assessments’ Continuous Monitoring Working Group recently convened to examine the risks from financial crime that a vendor manager must understand. Ken Wolckenhauer, head of vendor due diligence and review for the New York branch of Finland-based Nordea Bank, led the discussion around this serious topic. Wolckenhauer’s insights from his career experiences illuminated key considerations to integrate into vendor risk assessments.
This blogpost describes what a vendor manager needs to know about sanctions and money laundering, offering resources for the management of this risk.
Six to ten terabytes of sensitive internal information stolen from Citrix
According to a recent announcement from networking tech giant Citrix Systems, malicious hackers were inside its networks for five months between 2018 and 2019, stealing personal and financial data belonging to workers, contractors, interns, job applicants and their dependents. Citrix admitted the intruders broke in by exploiting weak passwords on employee accounts. The announcement came nearly a year after the breach. Read more.
Tech unicorn Dave admits to security breach impacting 7.5 million users
Digital banking app and tech unicorn Dave.com experienced a significant security breach after a hacker published the details of 7,516,625 users on a public forum. In an email to ZDNet, Dave said the security breach originated on the network of a former business partner, Waydev, an analytics platform used by engineering teams.
“As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorized access to certain user data at Dave,” the company said. Learn more.
Learn more about how DVV Solutions Third Party risk managed services can help you achieve operational resilience and enhance oversight in your cyber supply chain.