Third Party Risk Management - Consultancy, Assessment & Advisory

Third Party Risk Insights October 2020

This Month's Key Third Party Risk Management Articles & Reports

Majority of GDPR penalties issued as a result of two main problems

So far, businesses across Europe have paid more than $620 million in fines under GDPR, with two thirds (65%) stemming from security and data storage issues. Research from Exonar shows that 65% of fines were paid by EU businesses because of insufficient security or because data was unsecured and retained for longer than necessary.

According to Exonar, 39 percent ($244 million) of GDPR-related fines were due to insufficient security, with affected companies including British Airways, Active Assurances and DSK Bank. Read the full article.

Research Shows Companies With Strong Cybersecurity Outperform Market By Up To 7%

DVV Solutions partner BitSight and Solactive, a German index engineering firm, have released new research demonstrating that a company’s cybersecurity performance is an indicator of business performance.

Analysis shows that indices composed of well-performing BitSight-rated companies outperform their respective benchmarks by 1% to 2% annually. For certain sectors, such as U.S. Technology, well-rated companies outperform the benchmark by 7% per year. Learn more.

The Phish Scale: NIST-Developed Method Helps IT Staff See Why Users Click on Fraudulent Emails

Researchers at the National Institute of Standards and Technology (NIST) have developed a new method called the Phish Scale that could help organizations better train their employees to avoid a particularly dangerous form of cyberattack known as phishing.

The Phish Scale uses a rating system based on the message content of a phishing email and is intended to give a clearer picture of whether a particular phishing email is harder or easier for a particular target audience to detect. Learn more in the official NIST release article.


You’re Only As Strong As Your Weakest Link

Third-Party breaches & Cyber Supply Chain issues that caught our eye

Gold Bullion Seller JM Bullion Hit by Magecart Attack

Recent Magecart breach news came from JM Bullion, an online retailer of gold, silver, copper, platinum, and palladium products, including coins and bullion. JM Bullion is the latest victim of a Magecart attack: its site was compromised to include malicious scripts that stole customers’ credit card information.

JM Bullion’s website was compromised in the middle of February 2020, when a malicious script was introduced to the site, according to a ‘Notice of Data Protection Incident’ sent to clients. The breach window is thought to be between February 18th, 2020, and July 17th, 2020, and any payment information submitted within this time frame was sent to a remote server under the control of the attacker. Learn more.

Nitro Data Breach Could Spell Trouble for Google, Apple, Microsoft, Amazon, Citibank and Others

Recent data breach news came from Nitro Software, a PDF service used extensively by business customers such as Google, Apple, Microsoft, Chase, and Citibank. Nitro is an application used to create, edit, and digitally sign PDFs. As part of its cloud services, Nitro users can share a document with their coworkers or with partners at other organizations.

For a starting price of $80,000, a ‘user_credential’ database table that holds 70 million user records, including email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data, has been offered at a private auction.

  • 13,772 accounts and 195,547 documents from Amazon, Apple, Citi, Chase, Google, and Microsoft are believed to be in the compromised databases. Read more…

Learn more about how DVV Solutions Third Party risk managed services can help you achieve operational resilience and enhance oversight in your cyber supply chain.

Call today 0161 476 8700

or Submit a Contact Form