Optiv has gone beyond examining log data and classic managed security services work to pursue threats across a broader swath of structured and unstructured data. The company has focused on finding threats outside of a log environment by examining system-to-system interfaces and transactional data.
BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, CEO Jim Rosenthal says. Existing supply chain tools tend to generate lots of risk information but then put the burden on the client to interact with suppliers.
Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says CEO Steve Harvey. BitSight has invested in both workflows around third-party risk and research and identification of CVEs on behalf of government agencies.
Most organizations rely on third parties to provide important services and capabilities, often not realizing that third-party vendors are as vulnerable to advanced attacks as the organizations are. The increasing level of access and integration within host organization environments can present risks and potential new...
Hackers are going downstream in their attacks on healthcare sector entities and their third-party business associates because in many cases, these cybercriminals have already hit up the larger players, says Michael Hamilton, CISO of security firm Critical Insight.
Hacking and third-party business associate incidents were the crux of the largest health data breaches reported to federal regulators in 2022, foreshadowing the top risks and threats that will likely plague healthcare entities and their vendors in the new year, as well.
Many of the major health data breaches being reported to regulators reflect a variety of poor practices by business associates, including retaining sensitive patient information for much longer than necessary, says Kate Borten, president of The Marblehead Group.
Hundreds of U.S. counties continue to work with pen and paper after a cyberattack on their digital records management vendor last week disrupted methods to view, add and edit government records. The attack slowed the processing of birth certificates, marriage licenses and real estate transactions.
In the latest update, four ISMG editors discuss important issues of 2022, including: CISO Marene Allison's unique career path; Ukrainian government cybersecurity official Victor Zhora on lessons learned from countering cyberattacks; and insights from CEO Nikesh Arora of Palo Alto Networks.
Phishing and other socially-engineered schemes are going to get bolder, the attack surface is only going to get bigger, and enterprises everywhere are going to have to focus more on building cyber resilience. These are among the New Year's predictions from Zoom's new CISO, Michael Adams.
Hospitals must not only prepare in advance for ransomware and other debilitating attacks on their organizations, but also for responding to the effect of cyber incidents at neighboring facilities, says Dr. Christian Dameff of the University of California San Diego.
Many healthcare organizations struggle to recover from ransomware attacks, putting clinical procedures and patient safety in jeopardy during the process, says Steve Cagle, CEO of privacy/consulting firm Clearwater. "They need to think about how the technology is supporting the business," he says.
Meta has reached a $725 million agreement to resolve a class action lawsuit filed over Facebook's user data-sharing practices, after data for 87 million Facebook profiles was transferred to political consultancy Cambridge Analytica in violation of the social network's policies.
As major cyber incidents involving vendors surge, healthcare entities must carefully and continuously scrutinize the security practices of their third-party vendors, says Kathy Hughes, CISO of Northwell Health.
An Oklahoma-based provider of administrative and technology services to healthcare organizations is notifying more than 271,000 individuals that their personal information may have been compromised in a hacking incident involving a third-party data storage vendor.