Third-party risk management has never been more important.


Between Optus, Medibank, Latitude, Nissan Financial and the countless others, I reckon the Australian public have had a gutsful. Let's not forget, most of these businesses stretch across the ditch and affect us Kiwis too.

While you may be preparing for your end-of-year break, threat actors are ramping up for the golden season. This is when the 'postal delivery scams' and the 'too good to be true' deals really start to reward the cybercriminals, who prey on stressed-out Santa's elves under the pump to deliver on demanding gift lists. We've all sat through the #cyberawareness training; you know what to look out for.

But is your business up for the challenge?

In an eerie similarity to the 'Accellion compromise', which you may recall affected high-profile institutions such as the Reserve Bank of New Zealand and the Australian Securities and Investments Commission way back when, Nissan Financial Services Australia and New Zealand recently suffered a cyber attack because it was running an outdated version of Serv-U. Serv-U is managed file transfer software provided by none other than our old friend SolarWinds – the gift that keeps on giving!

Sadly, the Cl0p ransomware group has been bragging about exploiting this software since as far back as November 2021 😱

So I can hear your brains ticking over – how could an organisation even solve this problem? It's a vendor, out of your control – right?

#TPRM is here to help you! And I'd just like to reiterate some of my previous posts … sending your vendor a questionnaire and reviewing a 10-month-old vulnerability scan IS. NOT. GOOD. ENOUGH. Third-party questionnaires are a death-by-1000-paper-cuts exercise – absolutely NOBODY wants to do them, and you are not going to solicit someone's best work by sending them out. If your business practices this type of activity, STOP IT, stop it now. The wheel has been reinvented since you created your process; the industry has evolved.

Our technology partner Black Kite has developed a platform that continuously monitors your vendors for vulnerabilities and tells you (and your vendors, if you wish) when new vulnerabilities exist, allowing you to make informed decisions on how to safeguard your business should the worst happen.

Black Kite offers a comprehensive platform for third-party and cyber risk management, providing several significant benefits:

  • 360° Visibility and Insight: Black Kite’s platform delivers a comprehensive view of cyber risk, integrating intelligence from technical, financial, and compliance perspectives. This approach ensures a holistic strategy in vendor risk management, eliminating false positives and providing reliable data for decision-making.
  • Standards-Based Methodology: The platform uses a fully transparent, standards-based cyber ratings approach, ensuring that users understand how findings are calculated. It leverages a continuously updated global database of high-quality risk intelligence, which helps in making informed decisions and taking appropriate actions.
  • Automated Continuous Monitoring: Black Kite’s platform enables automated monitoring of cyber risk, particularly useful for technology companies dealing with numerous third parties. It identifies gaps and prioritizes remediation efforts effectively, thus helping in early detection and response to evolving cyber threats.
  • Cross-Correlation to Industry Standards: The platform correlates cyber risk findings to various industry standards and best practices, measuring the compliance level of any company against regulations like NIST 800-53, ISO27001, PCI-DSS, HIPAA, GDPR, and others. This feature saves time and effort while ensuring compliance with multiple regulations simultaneously.
  • Quality Insight & Accurate Data: Black Kite prides itself on providing defensible, clear-cut data with minimal false positives. The platform is designed to give full visibility into a vendor's cyber position using open-source intelligence tools and techniques similar to those used by attackers. It then converts highly technical findings into business language, making them accessible to executives.


CyberGrape is an award-winning business that has been helping organisations across APAC with their third-party risk management programmes. If you would like to understand the Black Kite offering and see how it can help your business remain safe from supply-chain compromises, please get in touch with us here:

https://cybergrape.io/third-party-risk-management/

Footnote: (BTW – if you have purchased a nice shiny new Nissan, Renault or Mitsubishi recently and applied for finance – even if you went with your bank or paid by an alternative means – your personal details might still be at risk if they were run through the system. Best to get that checked!) ✅
