supply chains

5 Questions CISOs Should Ask Third-Party Vendors

CISOs must evaluate third-party vendors to mitigate risk, especially as recent data breaches highlight the exposure that vendor relationships create. Key questions to ask include:

  1. What is the vendor’s overall security program?
  2. What is their security development process?
  3. What are their supply chain practices?
  4. Are their privacy and data protection practices compliant?
  5. Is the vendor insured, and under what terms?

These questions help ensure robust data protection when integrating third-party services. CISOs should be central to vendor selection to prevent potential breaches.

https://www.infosecurity-magazine.com/blogs/5-questions-cisos-should-ask/

Cyberattacks Targeting IT Vendors Intensify, Causing Bigger Losses

Cyberattacks on IT vendors are escalating, resulting in significant financial losses, according to a Resilience report. In 2024, 23% of cyber insurance claims involved third-party breaches, causing operational disruptions and high costs, exemplified by UnitedHealth's $3.1 billion ransomware attack. Ransomware is still the leading cause of cyber claims, but attackers are shifting focus to larger targets for bigger payouts.

https://www.ciodive.com/news/vendor-driven-cyberattacks-losses/741686/

ENISA: Embedding Resilience in Critical Infrastructure

ENISA, led by Marnix Dekker, focuses on enhancing cybersecurity for critical infrastructure in the EU, emphasizing support for smaller suppliers against supply chain attacks. Compliance with the new NIS2 regulations is key to maintaining operational resilience. ENISA aims for harmonized security practices across member states to avoid fragmented approaches that could hurt collective cybersecurity. Dekker's team works on implementing NIS directives and fostering collaboration to aid less-secure sectors.

https://www.databreachtoday.com/enisa-embedding-resilience-in-critical-infrastructure-a-27351
