Product Description
Move beyond the checklist and fully protect yourself from third-party cybersecurity risk
Over the last decade, there have been hundreds of big-name organizations in every sector that have experienced a public breach due to a vendor. While the media tends to focus on high-profile breaches like those that hit Target in 2013 and Equifax in 2017, 2020 has ushered in a huge wave of cybersecurity attacks, a near 800% increase in cyberattack activity as millions of workers shifted to working remotely in the wake of a global pandemic.
The 2020 SolarWinds supply-chain attack illustrates the lasting impact of this dramatic increase in cyberattacks. Using a technique known as Advanced Persistent Threat (APT), a sophisticated hacker stole information from multiple organizations, from Microsoft to the Department of Homeland Security, not by attacking targets directly, but by attacking a trusted partner or vendor. In addition to exposing third-party risk vulnerabilities for other hackers to exploit, the damage from this one attack alone will continue for years, and there are no signs that cyber breaches are slowing.
Cybersecurity and Third-Party Risk delivers proven, active, and predictive risk reduction strategies and tactics designed to keep you and your organization safe. Cybersecurity and IT expert and author Gregory Rasner shows you how to transform third-party risk from an exercise in checklist completion to a proactive and effective process of risk mitigation.
- Understand the basics of third-party risk management
- Conduct due diligence on third parties connected to your network
- Keep your data and sensitive information current and reliable
- Incorporate third-party data requirements for offshoring, fourth-party hosting, and data security arrangements into your vendor contracts
- Learn valuable lessons from devastating breaches suffered by other companies like Home Depot, GM, and Equifax
The time to talk cybersecurity with your data partners is now.
Cybersecurity and Third-Party Risk is a must-read resource for business leaders and security professionals looking for a practical roadmap to avoiding the massive reputational and financial losses that come with third-party security breaches.
About the Author
GREGORY C. RASNER is the lead of Cyber Third-Party Risk at Truist Financial Corporation. He has extensive experience in cybersecurity and technology leadership in banking, biotech, software, telecom, and manufacturing. He is the author of several published articles on Third Party Risk and is a sought-after keynote speaker in this area.