How to protect yourself through the hazards of the M&A process

Posted by RiskRecon on Feb 18, 2019 7:08:59 PM

The mergers and acquisitions process is scary enough, but absorbing another company’s digital assets without full visibility into their entire digital infrastructure is downright harrowing. This is perhaps best evidenced by Marriott’s experience during their Starwood acquisition: after the acquisition had been finalized, Marriott discovered a major data breach. Marriott’s direct losses due to the breach range between $200 million and $600 million. On the high end, that is nearly 5% of the total Starwood acquisition price—a high price to pay for negligence.

Thankfully, there’s a process for mitigating your cyber risk during the M&A process so you can avoid a mistake like Marriott’s. In a recent article published in SC Magazine, the process is outlined in five important steps:

Read More

Topics: Vendor Security, Vendor Risk Management, 3rd party risk management, Third Party Risk, Merger & Acquisition cyber risk

2019 Cybersecurity Predictions

Posted by RiskRecon on Feb 7, 2019 6:06:07 PM

VMblog.com, Virtualization Technology News and Information, recently posted some thought-provoking 2019 cybersecurity predictions from industry veteran Kelly White, CEO and Co-Founder of RiskRecon. In this article, Kelly touches on the growing importance of third-party cyber risk management, how hackers are focusing on third-party vulnerabilities, and provides four well-founded security predictions to help guide your security best practices for 2019 and years to come.

Kelly's full article and predictions can be found in the 11th annual VMblog.com series exclusive, along with other contributions from industry executives and experts. Click here to read more.

Read More

Topics: Vendor Security, Vendor Risk Management, 3rd party risk management, Third Party Risk

Third Deadly Sin: Not measuring and reporting risk and risk outcomes

Posted by RiskRecon on Oct 18, 2018 8:00:00 AM

 

We’re running a blog post series on the “Seven Deadly Sins of Third-Party Cyber Risk Management;” here’s the third deadly sin, which is not measuring and reporting risk and risk outcomes.

Read More

Topics: Third Party Risk, Vendor Security, Vendor Risk Management

Lockpath and RiskRecon Further Partnership to Increase Third-Party Risk Visibility

Posted by RiskRecon on Sep 18, 2018 11:31:11 AM

 

Lockpath, a leading provider of integrated risk management solutions, today announced the availability of the integration between its award-winning Keylight Platform and RiskRecon, a SaaS-based third-party cyber risk monitoring solution that delivers objective insights into third-party security performance and IT landscape. This product integration aims to enable precise, efficient reduction and elimination of organizations’ most critical third party security gaps.

Read More

Topics: Third Party Risk, Vendor Security, Vendor Risk Management

RiskRecon Advisor Yong-Gon Chon Shares Cybersecurity Tips

Posted by RiskRecon on Aug 30, 2018 2:56:12 PM

 

In a recent article in the ABA Journal, noted cybersecurity expert and RiskRecon Advisor, Yong-Gon Chon, shared his thoughts on what law firms can do to bolster their cybersecurity. In particular, Chon suggests learning from other industries. For example, law firms can look to financial institutions, which have long struggled with protecting data as required under the Gramm-Leach-Bliley Act, he said. Data protection is key.

Read More

Topics: Third Party Risk, Vendor Security, Vendor Risk Management, risk measurements, 3rd party risk management

Who’s Monitoring Your Third-Party Vendors for Cyber Risk?

Posted by RiskRecon on Jul 6, 2018 4:07:55 PM

 

Exactis Data Leak Illustrates the Enormity of an Organization’s Potential Third-Party Cyber Risk

With hundreds and thousands of complex, highly interdependent, Internet-connected systems, it’s no wonder that an enterprise’s potential third-party cyber risk has multiplied in recent years. 

Read More

Topics: Third Party Risk, Vendor Security

You Can’t Manage What You Can’t Measure – Integrating Risk Formulas into Your Cyber Risk Management Framework

Posted by Kelly White on Jul 2, 2018 11:37:06 AM

 

By Kelly White | July 2, 2018 

Calculating cyber risk is a key element of any sound risk management strategy. While traditional risk management models have focused on financial, process, workplace and IT factors, for many organizations cyber risk is still a new component in their risk assessment practices. Yet issues such as accurately measuring exposure, understanding the correct level of security spend, and whether or not to buy cyber insurance (and how much to buy) depend on hard numbers. How do you tackle quantifying these concerns in practical business terms?

Read More

Topics: Third Party Risk, Vendor Security, Vendor Risk Management

Breaking the Cybersecurity Insanity Cycle

Posted by Yong-Gon Chon on Jun 19, 2018 11:15:36 AM

 

By Yong-Gon Chon | June 19, 2018

I’m joining the Board at RiskRecon because with my 20+ years of experience working in information security, I truly believe their offering solves the failing state that dominates this domain.

To put it bluntly, Einstein defined INSANITY as “doing the same thing over and over again and expecting different results.” Over my long tenure in information security, I have witnessed exactly that: INSANITY. From firewalls to next-gen firewalls to something better than next-gen firewalls; from anti-virus to endpoint protection to endpoint protection with machine learning to AI orchestrated through “frictionless security,” we are doing the same thing over and over again expecting a different result. In some sense things are different—they’re worse. According to the 2011 Verizon Data Breach Investigations Report (DBIR), the cumulative caseload from 2004-2010 spanned over 1,700 breaches. In the 2018 DBIR alone it was 2,200.

Read More

Topics: Third Party Risk, Vendor Risk Management, 3rd party risk management

Security Vulnerabilities Don’t Equal Security Risk – So How Do You Prioritize?

Posted by Kelly White on May 31, 2018 1:53:50 PM

 

By Kelly White | May 31, 2018 

While security vulnerabilities are found in many technologies, their presence doesn’t necessarily equal risk. Borrowing the FAIR Institute’s definition, risk is the probable frequency and magnitude of loss. Knowing what security vulnerabilities are present in your infrastructure can help you understand the probable frequency, but it offers no indication of loss magnitude. Rather, solving risk requires two foundational data points: what security vulnerabilities your technology has, and the value of the assets in which those vulnerabilities exist. Without that context, a given vulnerability is the same as any other.

Read More

Topics: Third Party Risk, Vendor Security, Security Ratings, Vendor Risk Management, Scalability

Join us for the Fair Institute Tech Sponsor Webinar Featuring RiskRecon Founder and CEO Kelly White

Posted by RiskRecon on May 23, 2018 2:14:34 PM

 

RiskRecon Founder and CEO Kelly White will be presenting a FAIR Institute Tech Sponsor Webinar titled "Solving third-party risk at scale - a true risk-based approach" on Friday May 18th at 3 pm EST. 

Read More

Topics: Vendor Security, Webinar, Third Party Risk, CISO, 3rd party risk management