Third-Party Risk and Cybersecurity: Navigating Evolving Threats and Data Governance

High-profile data breaches in the last few years have not only resulted in increased regulatory attention but have also served to highlight the evolving set of cyber threats faced by organisations. Of particular note, there have been numerous incidents where cybercriminals have managed to obtain organisational data not through a direct attack on the organisation but rather by breaching a third-party IT supplier to the organisation. The sophistication of cybercriminal attacks is increasing both in terms of the attack methodology and the strategic intent behind the selection of their targets. When the first wave of ransomware attacks was launched in the early 2000s, these were largely indiscriminate, impacting whichever personal, business, or government system that the malware could gain access to. Following this initial wave, we have observed increased fine-tuning of malware attacks over time. From a code perspective, some examples of this evolution have included built-in checks in the […]