Computer Security US Blog
Tag

Risk Assessment

posts

Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

In March 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directives related to the 3CX supply chain compromise — a desktop phone app used by over 600,000 organizations globally. Threat actors had trojanized the software update itself, meaning every company that trusted the vendor's legitimate update

Carl B. Johnson Jun 08, 2023 8 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

In 2023, a single compromised file transfer tool — MOVEit — cascaded into breaches affecting over 2,600 organizations and roughly 90 million individuals. The threat actor, the Cl0p ransomware group, didn't need to hack each victim directly. They exploited one vendor, and the dominoes fell. That's third

Carl B. Johnson Jul 27, 2020 7 min read