Are SOC 2 Reports Sufficient for Vendor Risk Management?

July 5, 2024 at 10:21AM Businesses heavily rely on third-party vendors for various services, but this dependence introduces security vulnerabilities. Cybercriminals exploit weaknesses in vendors to target organizations, making robust vendor risk management crucial. While SOC 2 reports are useful, they have limitations. Organizations should supplement them with security questionnaires, testing, contractual agreements, and ongoing …

SafeBase Scores $33M Series B Investment

April 30, 2024 at 10:16AM San Francisco startup SafeBase secures $33 million in Series B financing from investors Touring Capital, Zoom Ventures, NEA, Y Combinator, Comcast Ventures, and Cerca Partners. The company aims to simplify vendor risk assessments by enabling vendors to share security posture info and automate access to sensitive documents. SafeBase’s Trust Center …

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

March 21, 2024 at 07:42AM In today’s digital-first business environment, organizations increasingly rely on third-party vendors for cloud services. Nudge Security offers security profiles for over 97,000 SaaS apps, aiding in vendor risk management by accelerating security reviews, providing app directories for employees, expediting evaluations, and offering breach alerts. Nudge Security’s flexible model aims to …

Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

March 20, 2024 at 08:57AM Government agencies in the US, UK, Canada, Australia, and New Zealand are warning critical infrastructure entities of the threat posed by Chinese state-sponsored group, Volt Typhoon. Following a February advisory, the agencies are offering guidance on defending against the group’s advanced persistent threat (APT) activities, emphasizing cybersecurity, supply chain security, …

Five Eyes tell critical infra orgs: take these actions now to protect against China’s Volt Typhoon

March 20, 2024 at 06:21AM The US government and international partners issued another warning about China’s Volt Typhoon cyber gang targeting critical infrastructure, advising protection measures. They emphasized guidance for non-technical senior leaders, urged cybersecurity best practices, and highlighted the importance of incident response plans and securing the supply chain. The advisory reiterated the gang’s …

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

February 14, 2024 at 07:15AM Summary: The financial services sector faces escalating cybersecurity challenges as cybercriminals employ advanced tactics, AI, and deepfake technology. Recent trends reveal a surge in cyberattacks, data breaches, and state-sponsored threats. Community banks are particularly vulnerable and must address cloud security, ransomware, vendor risk, regulatory compliance, and talent shortages. Proactive …

This Free Solution Provides Essential Third-Party Risk Management for SaaS

November 30, 2023 at 07:18AM Wing Security now offers free basic third-party risk assessments for SaaS, highlighting the connection between SaaS and third-party risk management (TPRM). The article underscores the importance of rigorous TPRM processes to handle risks from SaaS supply chains, offering 5 TPRM tips for SaaS security, including identification, due diligence, ongoing monitoring, …

SaaS Vendor Risk Assessment in 3 Steps

November 13, 2023 at 03:04AM Software-as-a-Service (SaaS) is transforming the way businesses operate, but it also introduces security vulnerabilities. Managing SaaS vendors through vendor risk assessments is crucial for securing the supply chain. Here are three steps to assess and manage vendor-related risks in SaaS: gaining visibility into SaaS usage, assessing the security risks of …