Black Kite’s TPRM 2026 report warns of escalating cyber risk in retail & wholesale supply chains.
Ransomware, exposed credentials, and vendor blind spots remain critical issues.
Thoughts on continuous vendor risk monitoring?
Show me who your third-parties are, and I'll show you how secure you are. #justsaying #tprm #tpcrm #cyber #security #risk #management
Top Mistake in Sharing Data with Vendors Securely #risk #grcmafia #grc #tprm
Discover the most common errors organizations make when sharing data with vendors, including risky email practices. - Leave ... source
https://quadexcel.com/wp/top-mistake-in-sharing-data-with-vendors-securely-risk-grcmafia-grc-tprm/
If you are a CISO, a board member or an executive with responsibility over information security and compliance at an enterprise, stop and read this amazing article by CybersecurityHQ right now: https://newsletter.cybersecurityhq.com/p/the-interdependence-collapse-why-fortune-100-cisos-are-losing-control-of-their-security-outcomes
It very clearly articulates the major challenges security programs are suffering from right now. My favorite quotes:
"Your third-party risk program is theater. Point-in-time questionnaires and annual SOC 2 reviews do not detect the vulnerabilities that matter. They exist to satisfy auditors, not to prevent breaches. The Salesloft-Drift attackers operated for six months before detection. Annual assessments would not have found them."
"Sixty percent of your breach exposure now sits in domains you depend on but cannot control. Your security program is optimized for the 15% you own."
"Your board does not understand the ecosystem it is accountable for. Only 17% of organizations report their leadership fully understands third-party cyber risks. The SEC is watching. Disclosure requirements are tightening. Fiduciary exposure is expanding. Ignorance is not a defense—it is a liability."
#tprm #tpcrm #cyber #security #enterprise #risk #management #grc
📰 Supply Chain Breaches Escalate Despite Maturing Defenses, Report Finds
📈 REPORT: Supply chain breaches are getting worse. A new BlueVoyant study finds 97% of firms were hit by a supplier-related breach in the last year, up from 81% in 2024, despite maturing TPRM programs. #SupplyChain #CyberRisk #TPRM #Security
@patrickcmiller nice #TPRM ‘state of the … domain?’ statistics and survey data. Thx for sharing.
@ravirockks I don't know much about the Pentagon's process, however, having been on both sides of #TPRM processes, I know that the first pass of the information submitted by the vendor is basically worthless and requires a lot of vetting and discussion with their security and/or RFP teams in face-to-face or video-on meetings so one can ascertain the level of truth to the submitted information.
Not to say that genAI can't be used here in some cases, but the continual and hand-wavy, "we're going to blindly chuck the old process and replace it with #genAI" just rings of rubber-stamping and not actually delivering on business objectives.
Third-party cyber risks are growing faster than ever, leaving organizations vulnerable. Here are 6 lessons to strengthen your TPRM strategy. https://jpmellojr.blogspot.com/2025/03/ciso-survey-6lessons-to-boost-third.html #Panorays #CISOsurvey #TPRM #SupplyChainSecurity
Finally, I think we're getting into a groove now. Check out the latest Threat Thursday and let me know what you think https://youtu.be/gX864VDqJG4?si=lPp7WnImSAxe0usR #tprm #stealerlogs
« Securing the software supply chain with the SLSA framework » > Supply-chain Levels for Software Artifacts (SLSA) proposes a framework for verifying the source and the build conditions of a piece of software. With examples for PyPI and NPM #TPRM
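The post above points at SLSA as a way to verify where a package came from and how it was built. As an added example (my own code, not from the linked article or the SLSA project), the block below runs the consumer-side policy checks over a SLSA v1 provenance statement (an in-toto Statement with the slsa.dev/provenance/v1 predicate): the artifact's sha256 must match a subject, the builder must be on an allowlist, the source repository must be the expected one, and the build must come from a release tag. The sample artifact, the provenance, the builder id and the repository are all constructed and hypothetical. The signature over the DSSE envelope that carries a real statement is assumed to have been verified already by the fetching tool; this code covers only the policy layer that follows.

```python
"""Policy checks over a SLSA v1 provenance statement (added example, constructed data)."""
import hashlib
import json

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
SLSA_V1_PREDICATE = "https://slsa.dev/provenance/v1"

# Constructed sample artifact, standing in for a downloaded wheel or npm tarball.
ARTIFACT_BYTES = b"example_package-1.2.3 wheel contents (constructed)"

# Hypothetical consumer policy: which builders we trust and which repo may produce this package.
POLICY = {
    "trusted_builders": {"https://builder.example.test/slsa3-workflow@v1"},  # hypothetical builder id
    "expected_source": "https://github.com/example-org/example-package",     # hypothetical repo
}


def make_sample_provenance(artifact: bytes, builder_id: str, repo: str, ref: str) -> str:
    """Build a constructed, unsigned SLSA v1 provenance statement for `artifact`.

    A real statement arrives as the payload of a DSSE envelope signed by the builder;
    that signature is assumed to have been checked before this policy layer runs."""
    return json.dumps({
        "_type": STATEMENT_TYPE,
        "subject": [{"name": "example_package-1.2.3-py3-none-any.whl",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": SLSA_V1_PREDICATE,
        "predicate": {
            "buildDefinition": {
                "buildType": "https://builder.example.test/buildtypes/workflow/v1",  # hypothetical
                "externalParameters": {"workflow": {"repository": repo, "ref": ref,
                                                    "path": ".github/workflows/release.yml"}},
                "resolvedDependencies": [{"uri": f"git+{repo}@{ref}",
                                          "digest": {"gitCommit": "0" * 40}}],  # constructed commit
            },
            "runDetails": {"builder": {"id": builder_id}},
        },
    })


def check_provenance(provenance_json: str, artifact: bytes, policy: dict) -> list[str]:
    """Return the list of policy violations for `artifact`; an empty list means it passes.

    Checks: statement and predicate types, subject digest matches the artifact bytes,
    builder is trusted, source repository matches, and the build came from a release tag."""
    problems = []
    stmt = json.loads(provenance_json)
    if stmt.get("_type") != STATEMENT_TYPE:
        problems.append(f"unexpected statement type {stmt.get('_type')!r}")
    if stmt.get("predicateType") != SLSA_V1_PREDICATE:
        problems.append(f"unexpected predicate type {stmt.get('predicateType')!r}")

    # Match on digest, not on file name: the subject name is informational and trivially forged.
    digest = hashlib.sha256(artifact).hexdigest()
    subject_digests = {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}
    if digest not in subject_digests:
        problems.append("artifact sha256 matches no subject: provenance describes a different artifact")

    pred = stmt.get("predicate", {})
    builder_id = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder_id not in policy["trusted_builders"]:
        problems.append(f"untrusted builder {builder_id!r}")

    workflow = pred.get("buildDefinition", {}).get("externalParameters", {}).get("workflow", {})
    if workflow.get("repository") != policy["expected_source"]:
        problems.append(f"unexpected source repository {workflow.get('repository')!r}")
    if not str(workflow.get("ref", "")).startswith("refs/tags/"):
        problems.append(f"built from non-tag ref {workflow.get('ref')!r}")
    return problems


if __name__ == "__main__":
    good = make_sample_provenance(ARTIFACT_BYTES, "https://builder.example.test/slsa3-workflow@v1",
                                  POLICY["expected_source"], "refs/tags/v1.2.3")
    print("clean artifact:", check_provenance(good, ARTIFACT_BYTES, POLICY) or "OK")
    # Tampered artifact presented with the original, valid provenance: the digest check catches it.
    print("tampered artifact:", check_provenance(good, ARTIFACT_BYTES + b"\x00", POLICY))
    # Provenance produced by an untrusted builder from a fork's branch: three separate findings.
    rogue = make_sample_provenance(ARTIFACT_BYTES, "https://builder.example.test/self-hosted@v1",
                                   "https://github.com/attacker/example-package", "refs/heads/main")
    print("rogue provenance:", check_provenance(rogue, ARTIFACT_BYTES, POLICY))
```

The digest check is what ties the provenance to the bytes you actually downloaded; the builder and source checks are what turn "this package has provenance" into "this package was built by a builder I trust from the repository I expect". A provenance that passes only the first check says nothing about who built it.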
The second episode of the Alice in Supply Chains podcast is out!
This is a podcast where @sawaba and I discuss what we consider some of the most important news related to Third-Party Cyber Risk Management from the previous month.
You can check it out on the major podcast platforms.
Youtube: https://www.youtube.com/watch?v=CMYDeb56FWs
Spotify: https://open.spotify.com/episode/7qPB7IauZ1QGdmuczircB8?nd=1&dlsi=7972d56c585442c6
Apple Music: https://podcasts.apple.com/br/podcast/episode-2-february-2025/id1791990827?i=1000694446509
Amazon Music: https://music.amazon.com.br/podcasts/baac01b9-a19b-4c3a-837b-637fad39be4d/alice-in-supply-chains
This is based on the longer monthly newsletter of the same name published by @TenchiSecurity on LinkedIN. You can find the latest edition at https://www.linkedin.com/pulse/issue-30-february-2025-tenchisecurity-aejkf/
Third-Party Risk is a Top Threat in 2025—Are You Ready? From breaches to AI-driven vendor risks, third-party risk is evolving fast. Learn how to secure your vendor ecosystem & reduce risk. Watch now! https://youtu.be/HV-Ysn6-ZxQ
#Cybersecurity #TPRM #VendorSecurity #AI #RiskManagement #CISO
Happy to announce the launch of the Alice in Supply Chains #podcast, posted monthly, focusing on topical discussions on the top news relevant to Third-Party Cyber Risk Management.
"Plant a tree, have a child, and write a book. These all live on after us, insuring a measure of immortality." We all know that these days, the writing a book part would probably be replaced with "host a podcast".
Given that inevitability, I have finally decided to face my impostor syndrome and my non-native and accented English and give that a go. Standing on the shoulders of the collective effort we do at @TenchiSecurity on publishing high-quality content on Third-Party Cyber Risk Management in the Alice in Supply Chains newsletter, and counting on the vast experience and expertise of my good friend and co-host @sawaba.
Please check it out and let us know what you think, we are really at the beginning of the learning curve here and can use the feedback. Hope you like it!
Youtube: https://www.youtube.com/playlist?list=PL22qeD49pJIix3gpBoeYvzcdATBhCoGLR
Amazon: https://music.amazon.com.br/podcasts/baac01b9-a19b-4c3a-837b-637fad39be4d/alice-in-supply-chains
Apple: https://podcasts.apple.com/us/podcast/alice-in-supply-chains/id1791990827
If you haven't subscribed to the newsletter yet, you can do so now at https://podcasts.apple.com/us/podcast/alice-in-supply-chains/id1791990827
Are you ready for 2025's top cybersecurity threats? From generative AI attacks and deepfake extortion to third-party breaches, read our blog for actionable strategies to reduce your organization's risk. Read more: https://www.lmgsecurity.com/2025-cybersecurity-priorities-top-3-focus-areas-for-cybersecurity-leaders/
#Cybersecurity #AI #Deepfake #TPRM #2025Priorities #riskmanagement #CISO #infosec #GenAI
The US Treasury Dept was the victim of a 2nd party #databreach due to the BeyondTrust breach. Reduce your risk by strengthening your third-party risk management processes using our #TPRM checklist: https://ow.ly/O9AE50UyQz4
Read the story: https://ow.ly/MPrG50UyQz2
#cybersecurity #riskmanagement #IT #infosec #security #supplychain #CISO
#TPRM matters > African Reliance on Foreign Suppliers Boosts Insecurity https://www.darkreading.com/cyber-risk/african-reliance-on-foreign-suppliers-boosts-insecurity
My thoughts on the Blue Yonder incident and the value of Security Scoring, as a follow-up and reflection of the conversation @riskybusiness and @metlstorm had at the Risky Business podcast: https://www.youtube.com/watch?v=cstfm5FbRFI&t=1481s #tprm #tpcrm #cyber #security #risk
Since I am unable to upload my video here, I'll add the LinkedIN post link: https://www.linkedin.com/posts/sieira_tprm-tpcrm-cyber-activity-7270431264942215168-yZFm
Yet another reminder of the importance of Third-party Cyber Risk Management: https://cybersecuritynews.com/starbucks-hit-by-ransomware-attack/ #tprm #tpcrm #cyber #security #risk #management
It is worth pointing out that there are no shortcuts on how to manage the security of third parties. Blue Yonder, the third party involved in this incident, boasts having SOC 2 Type II and ISO 27001 certifications. They surely answered all of the different self-assessment questionnaires they received to their customers' satisfaction. Their security rating scores were certainly acceptable, if they were brought on as vendors.
And I know none of those things are strict guarantors of perfect security. Even companies that are mostly doing things well can be compromised. But at the same time, we need to wake up as an industry to the fact that the existing TPCRM practices are failing to protect us.
We need to work together to do better, go beyond the illusion of risk avoidance and risk transfer, and actually manage and mitigate third-party cyber risk.
Wow, @TenchiSecurity's monthly newsletter of curated Third-Party Cyber Risk Management news has reached 12,000 subscribers!
This is a low-volume, high-signal newsletter for the time-strapped risk manager, highlighting breaches, regulatory changes and more.
Issue 27 is out, check it out and let me know what you think! https://www.linkedin.com/pulse/issue-27-november-2024-tenchisecurity-qhl8f/ #tprm #tpcrm #cyber #risk #compliance
Combat the rise in stolen source code incidents that is increasing your organization's #ThirdPartyRisk! Watch our 3-minute video to learn about real cases of source code theft, #darkweb listings, and how vendors can be weak links in your organization's #cybersecurity. https://youtu.be/Xg-UkNbP31c
#RiskManagement #VendorSecurity #DataBreach #TPRM #infosec #cyberaware #SMB #DFIR #security #CISO