Vendor-Provided Resources

The research team from RiskRecon have cataloged publicly reported breach events between 2012-2021 across a population of over 5 million companies to offer insights to risk management and cybersecurity professionals for better handling of cyber risks.

A couple years ago, The Federal Reserve Board, FDIC, and OCC proposed joint third-party risk management (TPRM) guidance to provide a more consistent approach for how banking organizations should manage third-party relationships. This 68-page interagency guidance has just been finalized and put into effect. It replaces their separate past guidance (the Board’s 2013 guidance, the FDIC’s 2008 guidance, and the OCC’s 2013 guidance and its 2020 frequently asked questions). Check out this blog post to learn four suggested actions to comply with this new guidance as well as three additions to implement into your existing TPRM program.

Supply chains are intricate fibers in a complex global economy. Sadly, pull on a few threads and the fabric unravels, revealing unnoticed or ignored human rights and poor environmental standards. Between Covid-19, conscious consumerism, and ESG, tensions have grown, leading to increased regulation around supply chains and third parties. An example is the new German Supply Chain Due Diligence Act, which will lead to stricter global governance in the future. In their latest white paper, Aravo breaks down need-to-know information regarding this Act and key takeaways to help organizations meet the rising demand for supply chain transparency.

As the Lunar New Year celebration in China approaches, what potential cascading risks from the recent COVID-19 surge must you prepare for? Supply Wisdom risk and resilience experts share a resilience playbook for staying ahead of the situation.

It’s the million-dollar question: is the juice from security assessments worth the squeeze? We all know third-party security assessments take a lot of time and significant human resources. And after you finish an assessment, should you be making decisions based on what could be faulty data? Given these factors, is it even worth it? CyberGRX sat down with two people from opposite ends of the assessment dynamic to get both the vendor's and company's perspectives.

We can all agree there’s been an evolution of third-party risk management. Those shifts have been necessary to keep up with emerging risks, rapid-fire changes and technological advancements that are part of today's business world. And, while keeping up with these changes keeps us all busy, one particular element of third-party risk management hasn't changed: the third-party risk management lifecycle. That is… it hasn't changed until now.

Risk management is no longer about protecting your own attack surface, but understanding the security practices and vulnerabilities of all the other companies you do business with. When you think about it, what cyber risk isn’t third party risk?

Regardless of how tight an organization’s internal cybersecurity measures are, nearly anyone can fall victim to an attack via one of their vendors. CyberGRX partnered with cyber risk experts to dive into what it takes to build a scalable TPCRM program, breaking it down into four pillars.

Learn how cascading and concentration risk impact your digital supply chain.

How next generation third party cyber risk management solutions can reduce staff time and improve accuracy of third party cyber risk compared to manual process or first generation vendors.

Watch the webinar to obtain the survey results.

March: The Path to Organizational Resilience