
Third Party Risk Management

Explore strategies for identifying and controlling risks that arise from partnerships with external vendors, contractors, and service providers. These articles cover risk assessment frameworks, compliance obligations, continuous monitoring techniques, and best practices for managing third-party relationships securely.



Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You

In early 2024, a massive data breach at Change Healthcare — a subsidiary of UnitedHealth Group — disrupted the entire U.S. healthcare payment system for weeks. The root cause? A threat actor exploited compromised credentials on a remote access portal that lacked

Carl B. Johnson May 07, 2026 5 min read

Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You

In 2023, the MOVEit Transfer vulnerability gave threat actors a master key to thousands of organizations — not through their own systems, but through a single third-party file transfer tool. Over 2,600 organizations and 77 million individuals were impacted, according to

Carl B. Johnson May 04, 2026 6 min read

Third Party Vendor Cybersecurity Risk: A Practical Guide

In March 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directives related to the 3CX supply chain compromise — a desktop phone app used by over 600,000 organizations globally. Threat actors had trojanized the software update itself, meaning every company that trusted the vendor's legitimate update

Carl B. Johnson Jun 08, 2023 8 min read

Third Party Vendor Cybersecurity Risk: A Practical Guide

In 2023, a single compromised file transfer tool — MOVEit — cascaded into breaches affecting over 2,600 organizations and roughly 90 million individuals. The threat actor, the Cl0p ransomware group, didn't need to hack each victim directly. They exploited one vendor, and the dominoes fell. That's third

Carl B. Johnson Jul 27, 2020 7 min read

Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You

In 2023, the MOVEit Transfer vulnerability didn't just hit one company. It cascaded through thousands of organizations that relied on a single file-transfer vendor. Government agencies, banks, healthcare systems, and universities all found themselves exposed — not because of anything

Carl B. Johnson Aug 14, 2019 7 min read