August 9, 2024 at 08:18AM The American Hospital Association and the Health-ISAC issued a joint threat bulletin cautioning about ransomware attacks causing blood shortages and disrupting patient care in the U.S. and U.K. The bulletin highlighted recent attacks and urged healthcare organizations to prepare for supply chain disruptions and develop risk management plans for third-party … Read more
July 24, 2024 at 08:39AM Vanta, a security and compliance solutions provider, has raised $150 million in a Series C funding round, bringing their total funding to $353 million. The latest funding, led by Sequoia Capital, values the company at $2.45 billion. Vanta plans to use the funds for expansion and accelerating AI product innovation. … Read more
July 5, 2024 at 10:21AM Businesses heavily rely on third-party vendors for various services, but this dependence introduces security vulnerabilities. Cybercriminals exploit weaknesses in vendors to target organizations, making robust vendor risk management crucial. While SOC 2 reports are useful, they have limitations. Organizations should supplement them with security questionnaires, testing, contractual agreements, and ongoing … Read more
April 30, 2024 at 10:16AM San Francisco startup SafeBase secures $33 million in Series B financing from investors Touring Capital, Zoom Ventures, NEA, Y Combinator, Comcast Ventures, and Cerca Partners. The company aims to simplify vendor risk assessments by enabling vendors to share security posture info and automate access to sensitive documents. SafeBase’s Trust Center … Read more
March 21, 2024 at 07:42AM In today’s digital-first business environment, organizations increasingly rely on third-party vendors for cloud services. Nudge Security offers security profiles for over 97,000 SaaS apps, aiding in vendor risk management by accelerating security reviews, providing app directories for employees, expediting evaluations, and offering breach alerts. Nudge Security’s flexible model aims to … Read more
March 20, 2024 at 08:57AM Government agencies in the US, UK, Canada, Australia, and New Zealand are warning critical infrastructure entities of the threat posed by Chinese state-sponsored group, Volt Typhoon. Following a February advisory, the agencies are offering guidance on defending against the group’s advanced persistent threat (APT) activities, emphasizing cybersecurity, supply chain security, … Read more
March 20, 2024 at 06:21AM The US government and international partners issued another warning about China’s Volt Typhoon cyber gang targeting critical infrastructure, advising protection measures. They emphasized guidance for non-technical senior leaders, urged cybersecurity best practices, and highlighted the importance of incident response plans and securing the supply chain. The advisory reiterated the gang’s … Read more
February 14, 2024 at 07:15AM Summary: The financial services sector faces escalating cybersecurity challenges as cybercriminals employ advanced tactics, AI, and deep fake technology. Recent trends reveal a surge in cyberattacks, data breaches, and state-sponsored threats. Community banks are particularly vulnerable and must address cloud security, ransomware, vendor risk, regulatory compliance, and talent shortages. Proactive … Read more
November 30, 2023 at 07:18AM Wing Security now offers free basic third-party risk assessments for SaaS, highlighting the connection between SaaS and third-party risk management (TPRM). The article underscores the importance of rigorous TPRM processes to handle risks from SaaS supply chains, offering 5 TPRM tips for SaaS security, including identification, due diligence, ongoing monitoring, … Read more
November 13, 2023 at 03:04AM Software-as-a-Service (SaaS) is transforming the way businesses operate, but it also introduces security vulnerabilities. Managing SaaS vendors through vendor risk assessments is crucial for securing the supply chain. Here are three steps to assess and manage vendor-related risks in SaaS: gaining visibility into SaaS usage, assessing the security risks of … Read more