This guide will help you better understand the choices before you, no matter if your organization hasn’t even cracked the seal on third party cyber risk management.
Third Party Risk
Posted inInternal Controls
SolarWinds hack turning into Pandora’s box of cyber-risk
The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.
Posted inEurope
Norwegian DPA warns Grindr of $11.7M GDPR fine
Norway’s data privacy watchdog issued gay dating app Grindr with a notice of intention to fine it NOK 100 million (U.S. $11.7 million) for sharing personal data with third parties without users’ consent.
Posted inAnti-Bribery
Deutsche Bank to pay $130M to settle bribery, ‘spoofing’ charges
Deutsche Bank has agreed to pay more than $130 million to resolve charges that it paid bribes to third parties to secure business deals in Asia and the Middle East, in addition to a separate commodities fraud “spoofing” case.
Posted inInternal Controls
Learning from SolarWinds: Five steps to fortify your cloud supply chain
For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
Posted inRisk Management
Cyber-security lessons from the SolarWinds hack
The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.
Posted inRisk Management
Preparation, monitoring key to combating third-party cyber-security risk
A spate of recent cyber-security breaches occurring via third parties is a reminder of the importance for companies to stay on top of risk management. Regulators have shown to not take kindly to finger-pointing.
Posted inEurope
Trio of U.K. fines expose third-party risks under GDPR
Recent GDPR fines against British Airways, Marriott, and Ticketmaster by the U.K. Information Commissioner’s Office each saw the regulator dismiss claims by the companies that third parties were primarily responsible for the data breaches in question.
Posted inEurope
Ticketmaster UK fined $1.6M under GDPR for 2018 data breach
The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.
Posted inRisk Management
New bank resiliency guidance tackles cyber-risk, pandemic planning
Federal banking regulators have released new operational resiliency guidance aimed to strengthen risk management around technology-based failures, cyber-incidents, pandemic outbreaks, natural disasters, and more.
