@patrickcmiller nice #TPRM ‘state of the … domain?’ statistics and survey data. Thx for sharing.
@ravirockks I don't know much about the Pentagon's process, however, having been on both sides of #TPRM processes, I know that the first pass of the information submitted by the vendor is basically worthless and requires a lot of vetting and discussion with their security and/or RFP teams in face-to-face or video-on meetings so one can ascertain the level of truth to the submitted information.
Not to say that genAI can't be used here in some cases, but the continual and hand-wavy, "we're going to blindly chuck the old process and replace it with #genAI" just rings of rubber-stamping and not actually delivering on business objectives.
Third-Party Risk Management – How to Build a Strong TPRM Program https://cybersecuritynews.com/third-party-risk-management/ #CyberSecurityNews #cybersecuritynews #RiskManagement #CyberSecurity #cybersecurity #TPRM
Third-party cyber risks are growing faster than ever, leaving organizations vulnerable. Here are 6 lessons to strengthen your TPRM strategy. https://jpmellojr.blogspot.com/2025/03/ciso-survey-6lessons-to-boost-third.html #Panorays #CISOsurvey #TPRM #SupplyChainSecurity
Finally I think we're getting into a groove now, check out the latest Threat Thursday and let me know what you think https://youtu.be/gX864VDqJG4?si=lPp7WnImSAxe0usR #tprm #stealerlogs
The second episode of the Alice in Supply Chains podcast is out!
This is a podcast where @sawaba and I discuss what we consider some of the most important news related to Third-Party Cyber Risk Management from the previous month.
You can check it out on the major podcast platforms.
Youtube: https://www.youtube.com/watch?v=CMYDeb56FWs
Spotify: https://open.spotify.com/episode/7qPB7IauZ1QGdmuczircB8?nd=1&dlsi=7972d56c585442c6
Apple Music: https://podcasts.apple.com/br/podcast/episode-2-february-2025/id1791990827?i=1000694446509
Amazon Music: https://music.amazon.com.br/podcasts/baac01b9-a19b-4c3a-837b-637fad39be4d/alice-in-supply-chains
This is based on the longer monthly newsletter of the same name published by @TenchiSecurity on LinkedIn. You can find the latest edition at https://www.linkedin.com/pulse/issue-30-february-2025-tenchisecurity-aejkf/
Third-Party Risk is a Top Threat in 2025—Are You Ready? From breaches to AI-driven vendor risks, third-party risk is evolving fast. Learn how to secure your vendor ecosystem & reduce risk. Watch now! https://youtu.be/HV-Ysn6-ZxQ
Happy to announce the launch of the Alice in Supply Chains #podcast, posted monthly, focusing on topical discussions on the top news relevant to Third-Party Cyber Risk Management.
"Plant a tree, have a child, and write a book. These all live on after us, insuring a measure of immortality." We all know that these days, the writing a book part would probably be replaced with "host a podcast".
Given that inevitability, I have finally decided to face my impostor syndrome and my non-native and accented English and give that a go. Standing on the shoulders of the collective effort we do at @TenchiSecurity on publishing high-quality content on Third-Party Cyber Risk Management in the Alice in Supply Chains newsletter, and counting on the vast experience and expertise of my good friend and co-host @sawaba.
Please check it out and let us know what you think, we are really at the beginning of the learning curve here and can use the feedback. Hope you like it!
Youtube: https://www.youtube.com/playlist?list=PL22qeD49pJIix3gpBoeYvzcdATBhCoGLR
Amazon: https://music.amazon.com.br/podcasts/baac01b9-a19b-4c3a-837b-637fad39be4d/alice-in-supply-chains
Apple: https://podcasts.apple.com/us/podcast/alice-in-supply-chains/id1791990827
If you haven't subscribed to the newsletter yet, you can do so now at https://podcasts.apple.com/us/podcast/alice-in-supply-chains/id1791990827
Are you ready for 2025's top cybersecurity threats? From generative AI attacks and deepfake extortion to third-party breaches, read our blog for actionable strategies to reduce your organization's risk. Read more: https://www.lmgsecurity.com/2025-cybersecurity-priorities-top-3-focus-areas-for-cybersecurity-leaders/
The US Treasury Dept was the victim of a 2nd party #databreach due to the BeyondTrust breach. Reduce your risk by strengthening your third-party risk management processes using our #TPRM checklist: https://ow.ly/O9AE50UyQz4
Read the story: https://ow.ly/MPrG50UyQz2
#TPRM matters > African Reliance on Foreign Suppliers Boosts Insecurity https://www.darkreading.com/cyber-risk/african-reliance-on-foreign-suppliers-boosts-insecurity
Yet another reminder of the importance of Third-party Cyber Risk Management: https://cybersecuritynews.com/starbucks-hit-by-ransomware-attack/ #tprm #tpcrm #cyber #security #risk #management
It is worth pointing out that there are no shortcuts on how to manage the security of third parties. Blue Yonder, the third party involved in this incident, boasts having SOC 2 Type II and ISO 27001 certifications. They surely answered all of the different self-assessment questionnaires they received to their customers' satisfaction. Their security ratings scores were certainly acceptable, if they were brought on as vendors.
And I know none of those things are strict guarantors of perfect security. Even companies that are mostly doing things well can be compromised. But at the same time, we need to wake up as an industry to the fact that the existing TPCRM practices are failing to protect us.
We need to work together to do better, go beyond the illusion of risk avoidance and risk transfer, and actually manage and mitigate third-party cyber risk.
Wow, @TenchiSecurity 's monthly newsletter of curated Third-Party Cyber Risk Management news has reached 12,000 subscribers!
This is a low-volume, high-signal newsletter for the time-strapped risk manager, highlighting breaches, regulatory changes and more.
Issue 27 is out, check it out and let me know what you think! https://www.linkedin.com/pulse/issue-27-november-2024-tenchisecurity-qhl8f/ #tprm #tpcrm #cyber #risk #compliance
Combat the rise in stolen source code incidents that is increasing your organization's #ThirdPartyRisk! Watch our 3-minute video to learn about real cases of source code theft, #darkweb listings, and how vendors can be weak links in your organization's #cybersecurity. https://youtu.be/Xg-UkNbP31c
Reduce your risk of a software supply chain #databreach! Watch our new video to learn actionable strategies to reduce your risk from third-party #software. Use this guidance to plan for 2025. https://youtu.be/Y5z-XwLED88
$1500 is cheap if you stop adding AI to every tool you have, making the need for more vendor reviews and creating a never-ending cycle of pain management for your vendor manager.
#smallbusiness #RiskManagement #tprm #supplychain #vendormanagement
New line of business- “$1500 Vendor Review”
I will do a proper Vendor Review using human intelligence (HI) based on your company’s Vendor and Risk Management policies.
My average vendor review is 10 hours per vendor with both BizOps and InfoSec reviews, using standard TPRM methods, and will contain relevant documentation and attachments to make risk based decisions on vendors.
Yes - $1500 gets you 1 vendor review. Not a vendor program, not a vendor manager, just a single vendor review.
Seems like a lot of cash huh. Yep, but since you need it and don’t want to do it, pay me, I will do it for you.
Just had to write this for a vendor review:
"High Risk of possible loss to personnel and company assets due to continued political and military actions in the area of the company's main offices and team"
This is the second time in 30 days I have had to do this and it is not the same country.
This is a real risk that real security teams are dealing with today in countries with well established tech sectors.
This job is hard enough without having to dodge bullets and missiles.
Our Top Cybersecurity Control of Q3 2024 is #ThirdPartyRiskManagement! Last month's #CrowdStrike update outage was a reminder of the potential fallout from third party providers and why #TPRM is now a necessity. Read more: https://www.lmgsecurity.com/our-q3-2024-top-control-is-third-party-risk-management-lessons-from-the-crowdstrike-outage/ #SupplyChainSecurity
You all complain about #TPRM but this is exactly why 4th/5th party supply chain vendors are becoming a bigger deal.
Unless you want to be stuck in space for months or flying to grandma's house and have a door plug fall off the plane, it’s a good idea to know where your vendors and their vendors do business.
My MSP is literally focused on this. I live in a Boeing town, almost every business within 2 miles supports building planes, if not planes, trucks for Kenworth/PACCAR. I am trying my damnedest to keep you all safe and I do it at the lowest level possible, the taco stand or bodega servicing the people doing the work and supporting the companies supporting Boeing and PACCAR.
It’s real security work, it’s real important, and I believe if we don’t invest in securing the spaces that support businesses, we all risk more than we should.
So jetcity.tech is my MSP. It’s named that because of my supply chain support to the community supporting your business.
It’s not glamorous work, I ain’t winning awards, I ain’t speaking at cons, I am trying to keep my neighborhood safe. I didn’t know this was where I was going to when I started 2 years ago but it’s become a passion.
https://mastodon.green/@juliette/112930833651123166