Third-Party Risk Management – How to Build a Strong TPRM Program https://cybersecuritynews.com/third-party-risk-management/ #CyberSecurityNews #cybersecuritynews #RiskManagement #CyberSecurity #cybersecurity #TPRM

Third-party cyber risks are growing faster than ever, leaving organizations vulnerable. Here are 6 lessons to strengthen your TPRM strategy. https://jpmellojr.blogspot.com/2025/03/ciso-survey-6lessons-to-boost-third.html #Panorays #CISOsurvey #TPRM #SupplyChainSecurity

Finally I think we getting into a grove now, check out the latest Threat Thursday and let me know what you think https://youtu.be/gX864VDqJG4?si=lPp7WnImSAxe0usR #tprm #stealerlogs

The second episode of the Alice in Supply Chains podcast is out!

This is a podcast where @sawaba and I discuss what we consider some of most important news related to Third-Party Cyber Risk Management from the previous month.

You can check it out on the major podcast platforms.

Youtube: https://www.youtube.com/watch?v=CMYDeb56FWs

Spotify: https://open.spotify.com/episode/7qPB7IauZ1QGdmuczircB8?nd=1&dlsi=7972d56c585442c6

Apple Music: https://podcasts.apple.com/br/podcast/episode-2-february-2025/id1791990827?i=1000694446509

Amazon Music: https://music.amazon.com.br/podcasts/baac01b9-a19b-4c3a-837b-637fad39be4d/alice-in-supply-chains

This is based on the longer monthly newsletter of the same name published by @TenchiSecurity on LinkedIN. You can find the latest edition at https://www.linkedin.com/pulse/issue-30-february-2025-tenchisecurity-aejkf/

Third-Party Risk is a Top Threat in 2025—Are You Ready? From breaches to AI-driven vendor risks, third-party risk is evolving fast. Learn how to secure your vendor ecosystem & reduce risk. Watch now! https://youtu.be/HV-Ysn6-ZxQ

Happy to announce the launch of the Alice in Supply Chains #podcast, posted monthly, focusing on topical discussions on the top news relevant to Third-Party Cyber Risk Management.

"Plant a tree, have a child, and write a book. These all live on after us, insuring a measure of immortality." We all know that these days, the writing a book part would probably be replaced with "host a podcast".

Given that inevitability, I have finally decided to face my impostor syndrome and my non-native and accented English and give that a go. Standing on the shoulders of the collective effort we do at @TenchiSecurity on publishing high-quality content on Third-Party Cyber Risk Management in the Alice in Supply Chains newsletter, and counting on the vast experience and expertise of my good friend and co-host @sawaba .

Please check it out and let us know what you think, we are really at the beginning of the learning curve here and can use the feedback. Hope you like it!

Youtube: https://www.youtube.com/playlist?list=PL22qeD49pJIix3gpBoeYvzcdATBhCoGLR

Spotify: https://open.spotify.com/episode/2GLA4H22nRixBWMwSgfr2M?si=SuhuCiHtS92-O5KdvYeNMw&nd=1&dlsi=1bc786e899e14f09

Amazon: https://music.amazon.com.br/podcasts/baac01b9-a19b-4c3a-837b-637fad39be4d/alice-in-supply-chains

Apple: https://podcasts.apple.com/us/podcast/alice-in-supply-chains/id1791990827

If you haven't subscribed to the newsletter yet, you can do so now at https://podcasts.apple.com/us/podcast/alice-in-supply-chains/id1791990827

Are you ready for 2025's top cybersecurity threats? From generative AI attacks and deepfake extortion to third-party breaches, read our blog for actionable strategies to reduce your organization's risk. Read more: https://www.lmgsecurity.com/2025-cybersecurity-priorities-top-3-focus-areas-for-cybersecurity-leaders/

The US Treasury Dept was the victim of a 2nd party #databreach due to the BeyondTrust breach. Reduce your risk by strengthening your third-party risk management processes using our #TPRM checklist: https://ow.ly/O9AE50UyQz4

Read the story: https://ow.ly/MPrG50UyQz2

#TPRM matters > African Reliance on Foreign Suppliers Boosts Insecurity https://www.darkreading.com/cyber-risk/african-reliance-on-foreign-suppliers-boosts-insecurity

Yet another reminder of the importance of Third-party Cyber Risk Management: https://cybersecuritynews.com/starbucks-hit-by-ransomware-attack/ #tprm #tpcrm #cyber #security #risk #management

It is worth pointing out that there are no shortcuts on how to manage the security of third-parties. Blue Yonder, the third-party involved in this incident, boast having SOC2 type II and ISO 27001 certifications. They surely answered all of the different self-assessment questionnaires it received to their customers' satisfaction. Their security ratings scores were certainly acceptable, if they were brought on as vendors.

And I know none of those things are strict guarantors of perfect security. Even companies that are mostly doing things well can be compromised. But at the same time, we need to wake up as an industry to the fact that the existing TPCRM practices are failing to protect us.

We need to work together to do better, go beyond the illusion of risk avoidance and risk transfer, and actually manage and mitigate third-party cyber risk.

Wow, @TenchiSecurity 's monthly newsletter of curated Third-Party Cyber Risk Management news has reached 12,000 subscribers!

This is a low-volume, high signal newsletter for the time strapped risk manager, highlighting breaches, regulatory changes and more.

Issue 27 is out, check it out and let me know what you think! https://www.linkedin.com/pulse/issue-27-november-2024-tenchisecurity-qhl8f/ #tprm #tpcrm #cyber #risk #compliance

Combat the rise in stolen source code incidents that is increasing your organization's #ThirdPartyRisk! Watch our 3-minute video to learn about real cases of source code theft, #darkweb listings, and how vendors can be weak links in your organization's #cybersecurity. https://youtu.be/Xg-UkNbP31c

Reduce your risk of a software supply chain #databreach! Watch our new video to learn actionable strategies to reduce your risk from third-party #software. Use this guidance to plan for 2025. https://youtu.be/Y5z-XwLED88

New line of business- “$1500 Vendor Review”

I will do a proper Vendor Review using human intelligence (HI) based on your company’s Vendor and Risk Management policies.

My average vendor review is 10 hours per vendor with both BizOps and InfoSec reviews, using standard TPRM methods, and will contain relevant documentation and attachments to make risk based decisions on vendors.

Yes - $1500 gets you 1 vendor review. Not a vendor program, not a vendor manager, just a single vendor review.

Seems like a lot of cash huh. Yep, but since you need it and don’t want to do it, pay me, I will do it for you.

Just had to write this for a vendor review:

"High Risk of possible loss to personnel and company assets due to continued political and military actions in the area of the company's main offices and team"

This is the second time in 30 days I have had to do this and it is not the same country.

This is a real risk that real security teams are dealing with today in countries with well established tech sectors.

This job is hard enough without having to dodge bullets and missiles.

Our Top Cybersecurity Control of Q3 2024 is #ThirdPartyRiskManagement! Last month's #CrowdStrike update outage was a reminder of the potential fallout from third party providers and why #TPRM is now a necessity. Read more: https://www.lmgsecurity.com/our-q3-2024-top-control-is-third-party-risk-management-lessons-from-the-crowdstrike-outage/ #SupplyChainSecurity

You all complain about #TPRM but this is exactly why 4th/5th party supply chain vendors are becoming a bigger deal.

Unless you want to be stuck in space for months or flying to grandmas house and have a door plug fall of the plane, it’s a good idea to know where your vendors and their vendors do business.

My MSP is literally focused on this. I live in a Boeing town, almost every business within 2 miles supports building planes, if not planes, trucks for Kenworth/PACCAR. I am trying my damnist to keep you all safe and I do it at the lowest level possible, the taco stand or bodega servicing the people doing the work and supporting the companies supporting Boeing and PACCAR.

It’s real security work, it’s real important, and I believe if we don’t invest in securing the spaces that support businesses, we all risk more than we should.

So jetcity.tech is my msp. It’s named that because of my supply chain support to the community supporting your business.

It’s not glamorous work, I ain’t winning awards, I ain’t speaking at cons, I am trying to keep my neighborhood safe. I didn’t know this was where I was going to when I started 2 years ago but it’s become a passion.
https://mastodon.green/@juliette/112930833651123166