The hackers that breached outsource customer communications vendor Twilio earlier this month didn’t just compromise encrypted communications app vendor Signal. In fact, they compromised more than 130 companies and 10,000 employees. Why? because Twilio is a vendor to all of these companies and these companies trusted Twilio. And, apparently, Twilio’s security practices were not good […]
Continue reading → [DISPLAY_ACURAX_ICONS]I don’t know how to say this any more clearly, but vendors represent a huge risk to every organization. Lion Air, the Indonesian parent of Malindo Air and other subsidiaries that were breached, confirmed the breach last week. Why did they confirm it? Perhaps they were being good corporate citizens. An alternative explanation is that […]
Continue reading → [DISPLAY_ACURAX_ICONS]I talk about the importance of vendor cyber risk management programs all the time. Vendors have been at the root of many very major breaches such as Target and Home Depot and more recently Capital One. Here are some thoughts around vendor cyber risk management. The vendor is big and publicly traded so surely they […]
Continue reading → [DISPLAY_ACURAX_ICONS]Lack of Vendor Cyber Risk Management Hurts over 750 Banks TCM Bank, a company that helps hundreds of small banks issue credit cards had a problem with their third party vendor – the bank’s fourth party vendor risk. The small bank wants to issue credit cards so they hire TCM and TCM hires someone else […]
Continue reading → [DISPLAY_ACURAX_ICONS]Last week I started a series on steps to comply with both the E.U.’s General Data Protection Regulation or GDPR and California’s new privacy law, the California Consumer Protection Act or CCPA. To find Step 1, go to this post: https://cybercecurity-mitch-tanenbaum-blog.com/complying-with-gdpr-and-californias-new-privacy-law-ccpa-step-1/ . This week, on to Step 2 – CREATE A VENDOR CYBER RISK MANAGEMENT PROGRAM […]
Continue reading → [DISPLAY_ACURAX_ICONS]