Geopolitical risks can result in cyber-attacks, disruptions to business continuity, and reputational damage to organizations and third parties. Organizations can strengthen their control over third parties by establishing contracts, monitoring activities, and conducting risk assessments. Senior management takes steps such as strengthening policies and controls over data processing. In this article, we take a closer look at how geopolitical risks can affect third-party management and how organizations can strengthen their control over third parties.
The NIS2 Directive is new European Union legislation aimed at strengthening cybersecurity in various sectors, including operators of essential services and digital service providers. From October 2024, companies covered by the NIS2 Directive will have to meet certain minimum cybersecurity requirements. This means that companies must assess their current level of security and develop a plan to comply with the Directive. It is important to work with relevant stakeholders, regulators and supply chain partners to ensure everyone is aware of the requirements. Read more about the impact of the directives and requirements in this article.
Small and medium-sized enterprises face various cybersecurity risks when they outsource key business functions to third parties. These security risks are growing due to the increasing size and complexity of their outsourced business functions, increased regulatory and customer scrutiny, and the sophistication of cyber attacks.
Third-party risk management is an important aspect of cybersecurity for any organization. One way to mitigate risks is by using haveibeenpwned.com, a website that lets you check if your email address or password has been compromised in a data breach. By using this tool, you can identify which third-party services pose the highest risk to your organization and take action to protect your data.
A phishing attack has resulted in the theft of some source code and internal documents at Reddit. An employee of the company clicked on a phishing email that redirected to a website that mimicked the company's intranet.
Phishing is one of the most common ways attackers try to steal login credentials and other sensitive information. Unsurprisingly, even companies with extensive security measures can be vulnerable to these attacks, as Reddit recently discovered.
An employee of the discussion forum company fell for a phishing email that directed him to a website that mimicked Reddit's intranet. Once there, attackers extracted the employee's login credentials and 2FA tokens. Fortunately for Reddit, the employee was honest about what had happened, allowing the company to quickly intervene and kick the intruders off the network.
Although Reddit claims that the stolen internal documents did not contain any malicious information, it is always worrying when company data falls into the wrong hands. However, the company says that the intruders did not gain access to the systems that run Reddit and store its data. User accounts are not at risk either, according to Reddit, although the company recommends that you double-check the security of your account.
As a Reddit user, you can take additional security measures such as enabling MFA and using a password manager. A password manager can help protect your account from phishing attacks by alerting you if you try to log in on an unknown domain name.
Phishing remains a popular method for attackers to steal sensitive information and expose organizations to security breaches. As a Reddit user, it is important to be extra cautious when opening emails and to use security measures such as MFA and password managers. Learn from this incident and take the necessary steps to protect your account.
Published by RiskStudio