Tag

Third Party Vendor Cybersecurity Risk

Provides in-depth coverage of cybersecurity risks arising from third party vendor relationships. Topics include vendor risk scoring, security audits, breach notification requirements, regulatory compliance obligations, and building comprehensive vendor risk management programs to protect sensitive data.

Third Party Risk

Third Party Vendor Cybersecurity Risk: A 2026 Guide

When Target lost 40 million credit card records in 2013, the attackers didn't breach Target directly. They compromised an HVAC vendor. Over a decade later, the playbook hasn't changed — it's just gotten more devastating. Third party vendor cybersecurity risk is now the single fastest-growing

Carl B. Johnson Apr 07, 2026 6 min read

Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

In March 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directives related to the 3CX supply chain compromise — a desktop phone app used by over 600,000 organizations globally. Threat actors had trojanized the software update itself, meaning every company that trusted the vendor's legitimate update

Carl B. Johnson Jun 08, 2023 8 min read