What the Ascension Breach Means for You

Posted by RiskRecon on Mar 21, 2019 3:33:50 PM

We’re well-versed in security breaches by now, but there’s still some uncertainty about whom to blame when things go wrong. A solid example of that is the recent Ascension Breach that involved Rocktop Partners, OpticsML, and various financial institutions in the mishandling of mortgage information.

We’ve delved into the Ascension Breach in a recent article published in Information Management. There are three important takeaways from the Ascension Breach:


  1. Information security matters – Regardless of the size of your organization, you’re responsible for protecting the privacy of your data. Being a small business is no excuse.
  2. Risk surface is expansive – Your risk surface isn’t limited to your immediate systems; it’s anywhere the confidentiality, integrity, or availability of your data or transactions is at risk. That risk includes your third- and often fourth-party vendors.
  3. You’re responsible for investigating your partners’ information security – If your customers have given you data—in this case, sensitive mortgage information—you’re responsible for protecting that information even if you sell it.
  4. Regulations need to expand – While banks are strongly regulated, entities that deal with financial institutions and interact with their data are often not. Regulations need to regulate every organization that deals with consumer information.

And what about the customer? Where do they stand? Read the full article to delve into the details of the breach.


Topics: threat investigation, risk exposures, 3rd party risk management, Third Party Risk

RiskRecon Partners with RSA Archer

Posted by RiskRecon on Mar 18, 2019 12:36:19 PM

We’re excited to announce RiskRecon’s new partnership with RSA Archer. Last year, RSA Archer was recognized as a leader in Integrated Risk Management in Gartner’s Magic Quadrant report, and for good reason: the software excels in threat detection and response, fraud prevention, integrated risk management, and identity and access management.

Now, RSA Archer users have access to RiskRecon’s in-depth third-party vendor risk assessments, making enterprise companies’ risk management practices more comprehensive and providing valuable cybersecurity knowledge upon which companies may act with confidence.

The partnership is an ideal marriage of risk management techniques. With RiskRecon, customers will have significant visibility into objectively verified security questionnaire responses, saving analysts significant time and yielding better third-party risk outcomes.

"Given how widespread and impactful issues related to third parties have become, it's clear that organizations must manage third-party risk more actively," said David Walter, Vice President of RSA Archer. "By partnering with RiskRecon, we can better enable customers to minimize risk by establishing continuous, actionable visibility into the security of their third parties."

We’re excited for this opportunity to help more customers significantly manage cyber risk and are honored to be part of RSA Archer’s innovative and impactful integrative risk management approach.


Topics: Vendor Risk Management, 3rd party risk management, Vendor Security, Third Party Risk

6 Tips for Administering Better Vendor Questionnaires

Posted by RiskRecon on Mar 12, 2019 1:18:03 PM

Vendor questionnaires are a vital part of determining the cyber risk of your third- and fourth-party vendors, but they also are risky propositions in and of themselves. After all, administering a vendor questionnaire involves a tremendous amount of trust: it’s a bit like trusting a cook when you have a severe gluten allergy.

In our latest article in Dark Reading, we provide six solutions to ensure you’re getting the most out of your vendor questionnaires. Here’s a rundown of those six solutions:

1. Keep your questionnaires to a reasonable length to keep costs low and engagement high.
2. Trust the answers you’re given, but verify them.
3. Alter the frequency at which you administer questionnaires: less often for high-performing vendors and more frequently for vendors who have difficulty coming into compliance.
4. Customize your questions to fit your vendor, and use the questionnaire to target the data you’re most interested in.
5. Don’t rely on vendor questionnaires alone: make a cybersecurity risk rating platform an integral part of your third-party vendor security investigation.
6. Determine the answers you need and then craft the questions after; don’t use yes/no questions unless they’re very specific.

Of course, that’s all easier said than done. For advice on how to implement our solutions, read the full article.


Topics: Vendor Risk Management, 3rd party risk management, Vendor Security, Third Party Risk

SC Magazine Unveils RiskRecon Review

Posted by RiskRecon on Mar 6, 2019 2:13:50 PM

As vendor risk management becomes a more clear and present danger, the challenge for mitigating vendor risk is twofold:


Topics: Vendor Risk Management, 3rd party risk management, Vendor Security, Third Party Risk, Merger & Acquisition cyber risk, Review

How to protect yourself through the hazards of the M&A process

Posted by RiskRecon on Feb 18, 2019 7:08:59 PM

The mergers and acquisitions process is scary enough, but absorbing another company’s digital assets without full visibility into their entire digital infrastructure is downright harrowing. This is perhaps best evidenced by Marriott’s experience during their Starwood acquisition: after the acquisition had been finalized, Marriott discovered a major data breach. Marriott’s direct losses due to the breach range between $200 million and $600 million. On the high end, that is nearly 5% of the total Starwood acquisition price—a high price to pay for negligence.

Thankfully, there’s a process for mitigating your cyber risk during the M&A process so you can avoid a mistake like Marriott’s. In a recent article published in SC Magazine, the process is outlined in five important steps:


Topics: Vendor Risk Management, 3rd party risk management, Vendor Security, Third Party Risk, Merger & Acquisition cyber risk

2019 Cybersecurity Predictions

Posted by RiskRecon on Feb 7, 2019 6:06:07 PM

VMblog.com, Virtualization Technology News and Information, recently posted some thought-provoking 2019 cybersecurity predictions from industry veteran Kelly White, CEO and Co-Founder of RiskRecon. In this article, Kelly touches on the growing importance of third-party cyber risk management, how hackers are focusing on third-party vulnerabilities, and provides four well-founded security predictions to help guide your security best practices for 2019 and years to come.

Kelly's full article and predictions can be found in the 11th annual VMblog.com series exclusive, along with other contributions from industry executives and experts.


Topics: Vendor Risk Management, 3rd party risk management, Vendor Security, Third Party Risk

Product Enhancement: Issue Risk Matrix for your Entire Vendor Portfolio

Posted by RiskRecon on Dec 17, 2018 4:18:51 PM

RiskRecon is pleased to announce the release of the Portfolio Issue Priority Matrix. The Portfolio Issue Risk Matrix provides you instant visibility into the risk distribution of security issues across your entire vendor portfolio. The interactive matrix enables you to identify the vendors that have issues within each risk priority. This is yet another way that RiskRecon makes it easy for you to understand and act on your third-party risk.


Topics: Vendor Risk Management, 3rd party risk management, Vendor Security, Issue Severity, Issue Risk Matrix, Asset Value

Second Deadly Sin: Failing to make third-party risk management about business risk management

Posted by RiskRecon on Oct 16, 2018 8:00:00 AM


We’re running a blog post series on the “Seven Deadly Sins of Third-Party Cyber Risk Management”; here’s the second deadly sin, which is failing to make third-party risk management about business risk management.


Topics: risk exposures, Vendor Risk Management, 3rd party risk management

New Enhancements to RiskRecon Portfolio Dashboard

Posted by RiskRecon on Oct 10, 2018 5:07:25 PM


RiskRecon has rolled out an update of the portfolio dashboard page to customers, which provides enhanced insights into their RiskRecon portfolios, built with active information widgets that facilitate viewing additional information and easy linking to vendor security profiles. The dashboard continues to be filterable based on customers’ portfolio organization.


Topics: Vendor Risk Management, 3rd party risk management

RiskRecon Advisor Yong-Gon Chon Shares Cybersecurity Tips

Posted by RiskRecon on Aug 30, 2018 2:56:12 PM


In a recent article in the ABA Journal, noted cybersecurity expert and RiskRecon Advisor, Yong-Gon Chon, shared his thoughts on what law firms can do to bolster their cybersecurity. In particular, Chon suggests learning from other industries. For example, law firms can look to financial institutions, which have long struggled with protecting data as required under the Gramm-Leach-Bliley Act, he said. Data protection is key.


Topics: Vendor Risk Management, 3rd party risk management, risk measurements, Vendor Security, Third Party Risk