Vendor-Provided Resources

In this white paper, the RiskRecon research team breaks down five important insights for better managing supply chain ransomware risk based on an analysis of over 1000 publicly disclosed ransomware events occurring from 2017-2022.

With the latest statement from the White House on responsible AI, it’s clear AI is firmly in the spotlight. Find out how your organization can establish a foundation to address AI risks.

Dominated by a few risk repositories and scorecards, the TPRM ecosystem’s solutions have left healthcare largely wanting—still facing the same challenges that inspired the solution search in the first place. So, what does it take the actually solve for third-party risk in healthcare? Turns out, this question is best answered by professionals who have worked in healthcare.

In their first annual Ransomware Threat Landscape Report, Black Kite Research conducted an analysis and gathering of ransomware attacks over the last year. The report examines the evolving landscape of ransomware attacks from April 1, 2022, to March 31, 2023, including 2,708 ransomware victims whose names were publicized by ransomware groups on their underground blogs.

Cyberattacks on healthcare's supply chain and critical vendors have been growing exponentially in the last several years. CORL has compiled the top vendor risk trends for 2023 to help you map out your defensive strategy heading into the new year.

When it comes to concentration and cascading risk, what you don’t know could hurt your organization. In their eBook, The True Impact of Concentration and Cascading Risk, Black Kite covers the basics of how to classify and prioritize these risks across your organization to effectively resolve and mitigate areas of unacceptably high risk. They also cover how to strengthen your TPRM with tools that help you automate the process of mitigating concentration and cascading risk.

The research team from RiskRecon have cataloged publicly reported breach events between 2012-2021 across a population of over 5 million companies to offer insights to risk management and cybersecurity professionals for better handling of cyber risks.

A couple years ago, The Federal Reserve Board, FDIC, and OCC proposed joint third-party risk management (TPRM) guidance to provide a more consistent approach for how banking organizations should manage third-party relationships. This 68-page interagency guidance has just been finalized and put into effect. It replaces their separate past guidance (the Board’s 2013 guidance, the FDIC’s 2008 guidance, and the OCC’s 2013 guidance and its 2020 frequently asked questions). Check out this blog post to learn four suggested actions to comply with this new guidance as well as three additions to implement into your existing TPRM program.

Supply chains are intricate fibers in a complex global economy. Sadly, pull on a few threads and the fabric unravels, revealing unnoticed or ignored human rights and poor environmental standards. Between Covid-19, conscious consumerism, and ESG, tensions have grown, leading to increased regulation around supply chains and third parties. An example is the new German Supply Chain Due Diligence Act, which will lead to stricter global governance in the future. In their latest white paper, Aravo breaks down need-to-know information regarding this Act and key takeaways to help organizations meet the rising demand for supply chain transparency.

As the Lunar New Year celebration in China approaches, what potential cascading risks from the recent COVID-19 surge must you prepare for? Supply Wisdom risk and resilience experts share a resilience playbook for staying ahead of the situation.

It’s the million-dollar question: is the juice from security assessments worth the squeeze? We all know third-party security assessments take a lot of time and significant human resources. And after you finish an assessment, should you be making decisions based on what could be faulty data? Given these factors, is it even worth it? CyberGRX sat down with two people from opposite ends of the assessment dynamic to get both the vendor's and company's perspectives.

We can all agree there’s been an evolution of third-party risk management. Those shifts have been necessary to keep up with emerging risks, rapid-fire changes and technological advancements that are part of today's business world. And, while keeping up with these changes keeps us all busy, one particular element of third-party risk management hasn't changed: the third-party risk management lifecycle. That is… it hasn't changed until now.