Monthly Archives: May 2023

Automated Security Assessments: Expectations and Preparation


Automated security assessments are one of the most talked about features in the supply chain management industry. Organizations have turned to automated solutions to enhance their risk management and supply chain compliance after recognizing the need to eliminate the burdensome and time-consuming task of manually auditing and tracking numerous vendors. It makes sense after all. Who wants to spend hours on end doing manual work to audit and chase hundreds of thousands of vendors?


The answer is: no one. 


Findings’ comprehensive platform has gone above and beyond to automate risk management and supply chain compliance, saving organizations of all sizes extensive manual work and reducing friction. 


Now, let’s break down some things you should expect to see when using the platform that will ultimately help you prepare. 


  1. Assessment Logic 


When managing assessments in the Findings platform, you can create an assessment from scratch with branching logic or upload pre-existing assessments and tweak them to suit your needs. When you create an assessment from scratch, you can create a question with various answer choices. If the answer choices are branching types such as radio button, multiple select, or dropdown, you can create a follow-up question based on the response chosen.


When it comes to uploading assessments from pre-existing documents, you can edit the subjects and alter the logic to suit the vendor’s needs via our assessment wizard. Once the assessment has been uploaded, you can clone, edit, and custom-tailor it with various app integrations for the associated vendors.


  2. Findings and Remediation:


Imagine the ability to pre-create remediation plans and suggestions. Essentially, rather than sending out an assessment to a vendor and having to review it and write out compliance corrections and suggestions manually, this is pre-prepared before the vendor even begins the assessment. For any answer choice that is not in compliance, you can create a suggested remediation plan for that answer and change the risk level that will affect the vendor’s overall score. When the vendor completes the assessment, they already have a remediation plan ready for them, so that they can bridge the gaps without all the time-consuming back and forth.


  3. Response Repository (NLP):


Our response repository is based on neuro-linguistic programming and is one of the biggest assets our users hold. When a vendor or customer completes an assessment, our system scans the answers and creates a repository for similarly written questions the next time an assessment is completed. The next time a user completes an assessment, our automated suggested answers pop up and the user can insert the answers based on the relevant match. This saves numerous hours of manual work that would otherwise go into completing assessments from scratch. Within seconds, your assessment can be completed and you can focus on other essential tasks.


Automated security assessments provided by Findings are perfect for organizations seeking efficient risk management and streamlined supply chain compliance. By automating the assessment process, organizations of all sizes can save valuable time and resources that would otherwise be spent on manual audits and vendor follow-ups. By utilizing the features we offer, organizations can complete assessments quickly and focus on other essential tasks, ultimately improving their overall security posture and supply chain management.







Benefits of Automating Security Assessments for Your Organization


It is indeed true that companies that fail to leverage automated tools are overlooking significant opportunities. This holds particularly true when it comes to security and compliance. Companies are finding it increasingly challenging to proactively identify, address, and mitigate security issues, since, well, there are more threats than ever. Conducting regular security assessments is essential to detect vulnerabilities and reduce the risk of future breaches. However, relying on manual methods and outdated procedures can be unreliable and diminish the effectiveness of risk mitigation strategies. To ensure secure and robust networks, as a business leader, you must prioritize the implementation of automated security assessments. They not only minimize risk exposure, but they can shorten the sales cycle and save a company money, and they also strengthen cybersecurity defenses, making them a crucial investment for your company.

(Source: CISA – Continuous Diagnostics and Mitigation Learning Program: Benefits of Automating Security Control Assessments)

Automation Speeds Up Reaction and Activity:

Automation plays a vital role in streamlining processes and driving transformation in modern industries. By automating the risk assessment process and management, organizations can make informed financial decisions, streamline risk and compliance procedures, and enhance their overall risk profile. This automation eliminates human error, enables faster response times, and promotes growth. Real-time threat information and risk reports empower security teams to handle threats more effectively and improve response and action times. Automated risk management strategies can efficiently compile, classify, upload, and organize incoming data, which allows for the identification of similar incidents and the implementation of prepared actions or responses.

Enhanced Cybersecurity Risk Management:

Automated assessments provide organizations the ability to manage cybersecurity risks more comprehensively and effectively. These assessments offer security teams up-to-date and detailed data about ALL their vendors that can be shared with senior management and executives. By eliminating manual tasks and enabling real-time monitoring, automation allows risk managers to focus on risk avoidance and mitigation. Furthermore, automation expedites the entire risk management process by instantly uploading fresh data and promptly reporting any issues. Through continuous monitoring and real-time visibility, organizations can identify gaps in their cybersecurity posture and take the necessary security measures to rectify them.

Standardizing Data and Improving Collaboration:

In many organizations, different departments rely on separate and potentially incompatible data to analyze and assess cyber risks. With so much data floating around in different hands, conflicting reports create confusion among managers. Automated security assessments provide a centralized platform for data collection, ensuring consistent and standardized data across the organization. This eliminates discrepancies and enables effective collaboration among departments. Executives and managers can access accurate and comprehensive information, leading to better-informed decision-making and improved cyber risk management strategies.

Scaling Security Risk Assessment:

Automation significantly simplifies the scalability of security risk assessment processes within a company. Automated assessment platforms like Findings are designed to handle both small and large-scale tasks, allowing organizations to adapt to changing demands without the need for hiring and training new personnel. Predictability is another advantage of automation, as most response actions can be anticipated, making it easier to manage various system interactions securely. Additionally, automation provides better tracking capabilities, allowing organizations to monitor progress, identify completed assessment components, and address pending tasks more efficiently.

Measuring ROI of Automation:

Calculating the return on investment (ROI) for automated security risk assessment involves considering the time and resources saved by automating time-consuming tasks and preventing adverse outcomes. While evaluating the ROI for automated security risk assessment may differ from other business operations, the goal is to demonstrate to IT management that the investment was worthwhile, considering the resources and time allocated.

Out With the Old, in With the New:

In today’s digital landscape, where cyberattacks are a constant threat, automating security assessments is not just beneficial but imperative for organizations aiming to protect their assets, maintain customer trust, and ensure business continuity. It is an investment that pays off in terms of enhanced security, streamlined processes, and improved risk management.

Collaborating with companies like Findings, which specialize in security risk assessment automation, can help organizations identify weaknesses and risks more effectively. Automated security risk assessments provide a proactive approach to maintaining the security of organizational systems, preventing potential breaches, and ensuring a safe operating environment. By leveraging automation, organizations can improve response times, standardize data, enhance collaboration, and scale security risk assessment processes. It is crucial for businesses to embrace automation.



How Hackers Are Utilizing Lateral Movements


A Hacker’s Playground


In the world of cybersecurity, lateral movement is one of the most commonly used and destructive tactics employed by hackers. It is a technique in which an attacker who has gained access to a compromised device within a network then uses that access to move across the network, compromising other devices and systems. According to a study by VMware Contexa, 44% of intrusions include lateral movement, making it a significant threat to organizations of all sizes.


What is Lateral Movement?


Lateral movement is a technique used by hackers to gain access to additional devices and systems within a network. Once a hacker has successfully breached one device, they can use the access they have gained to move laterally across the network, potentially accessing valuable data, exfiltrating data, or deploying ransomware.


Lateral movement can take many forms, but one of the most common is the use of stolen credentials. Hackers often use phishing or other social engineering tactics to obtain user credentials, such as usernames and passwords, which they can then use to access other devices within the network. Once inside the network, the hacker can use various techniques to evade detection, such as using encryption, tunneling, or other forms of obfuscation to hide their activity.


Another common form of lateral movement is the exploitation of unpatched vulnerabilities. Hackers can use known vulnerabilities in software or systems to gain access to a device, and then use that access to move laterally across the network. In some cases, hackers may even create new vulnerabilities in the software or systems they compromise to make lateral movement easier.


Why is Lateral Movement so Dangerous?


Lateral movement is dangerous because it allows hackers to access multiple devices and systems within a network, potentially compromising valuable data and systems. This can lead to data theft, financial losses, and even system shutdowns. Lateral movement also allows hackers to “island hop” across networks, gaining access to systems in other organizations that are connected to the compromised network.


Once hackers have gained access to a network, they can use lateral movement to maintain persistence, meaning that they can continue to access the network even if some of their access points are detected and removed. This makes it more difficult for organizations to detect and remove the hackers from their networks, increasing the potential damage that can be done.


How Can Organizations Protect Themselves?


Organizations can protect themselves from lateral movement by implementing several cybersecurity best practices. One important step is to implement multi-factor authentication, an extra level of security, which requires users to provide additional forms of identification beyond just a username and password. While it isn’t completely foolproof, it can help prevent hackers from using stolen credentials to access additional devices within the network.


Another important step is to regularly patch software and systems to address known vulnerabilities. When companies stay on top of patching, they can prevent hackers from using vulnerabilities to gain access to the network and move laterally across devices. Additionally, organizations should use network segmentation to limit the lateral movement of hackers. The Cybersecurity and Infrastructure Security Agency (CISA) explains that it is “a physical or virtual architectural approach dividing a network into multiple segments, each acting as its own subnetwork providing additional security and control. Creating boundaries between the operational technology (OT) and information technology (IT) networks reduces many risks associated with the IT network, such as threats caused by phishing attacks. Segmentation limits access to devices, data, and applications and restricts communications between networks.” This can help contain the spread of a potential attack and limit the damage that can be done.


Organizations should also regularly monitor their networks for suspicious activity, such as unusual login attempts or data exfiltration. This can help identify potential breaches early on and allow organizations to take action before the damage is done.


Finally, it is important for organizations to provide regular cybersecurity training to their employees. This can help employees recognize and avoid common phishing and social engineering tactics, which are often used by hackers to obtain credentials and gain access to networks.


Key Takeaways:


It’s extremely important for organizations to take lateral movement seriously and take steps to protect themselves against this type of attack. By implementing best practices and staying vigilant, organizations can reduce the risk of a successful lateral movement attack and protect their valuable data and systems. Continuous monitoring is a cybersecurity practice that involves constantly monitoring an organization’s networks and systems for suspicious activity or threats. By implementing continuous monitoring, organizations can detect potential lateral movement attacks early on and take action before any significant damage is done.


Continuous monitoring involves the use of automated tools that can detect and alert security teams of any unusual activity on the network. This can include unexpected login attempts, unauthorized access to sensitive data, and attempts to exploit vulnerabilities in software and systems.


In addition to automated tools, continuous monitoring also involves regular human oversight and analysis. Security teams can review alerts and data logs to identify potential threats and investigate any suspicious activity. This can help identify and stop lateral movement attacks early on, before they can cause significant damage.


Overall, continuous monitoring can be a valuable tool in the fight against lateral movement attacks and other cybersecurity threats. By implementing this practice, organizations can improve their security posture and reduce the risk of a successful attack.
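As an added example (not part of the original article or the Findings product), the Python below shows one form the automated detection described above can take: it flags an account that successfully logs in from one source host to several destinations it has not used before within a short window, the pattern stolen credentials tend to produce during lateral movement. The log format, host names, baseline, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs).
# Assumed format: ISO timestamp, account, source host, destination host, outcome
SAMPLE_LOG = """\
2023-05-02T09:00:12 alice ws-014 fs-01 success
2023-05-02T09:05:40 bob ws-022 mail-01 success
2023-05-02T13:10:03 alice ws-014 fs-01 success
2023-05-03T02:14:07 svc-backup ws-031 fs-01 failure
2023-05-03T02:14:31 svc-backup ws-031 fs-01 success
2023-05-03T02:16:02 svc-backup ws-031 db-02 success
2023-05-03T02:17:45 svc-backup ws-031 hr-01 success
2023-05-03T02:19:10 svc-backup ws-031 dc-01 success
2023-05-03T09:01:00 alice ws-014 fs-01 success
"""

# Constructed baseline: (account, destination) pairs seen during normal operations.
BASELINE = {("alice", "fs-01"), ("bob", "mail-01"), ("svc-backup", "fs-01")}


def parse_events(text):
    """Parse whitespace-separated log lines into event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, account, src, dst, outcome = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        events.append({"time": when, "account": account, "src": src,
                       "dst": dst, "outcome": outcome})
    return events


def detect_fanout(events, baseline, window=timedelta(minutes=10), threshold=3):
    """Alert when one (account, source) pair reaches `threshold` or more distinct
    destinations outside the baseline within `window`."""
    recent = defaultdict(deque)  # (account, src) -> deque of (time, dst)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["outcome"] != "success":
            continue  # only successful logins give an intruder a new foothold
        if (ev["account"], ev["dst"]) in baseline:
            continue  # routine access pattern for this account
        key = (ev["account"], ev["src"])
        q = recent[key]
        q.append((ev["time"], ev["dst"]))
        # Drop events that have aged out of the sliding window.
        while q and ev["time"] - q[0][0] > window:
            q.popleft()
        hosts = sorted({dst for _, dst in q})
        if len(hosts) >= threshold:
            alerts.append({
                "account": ev["account"],
                "source": ev["src"],
                "destinations": hosts,
                "first": q[0][0],
                "last": ev["time"],
            })
            q.clear()  # start a fresh burst so one spree raises one alert
    return alerts


if __name__ == "__main__":
    for alert in detect_fanout(parse_events(SAMPLE_LOG), BASELINE):
        print("{account} from {source} reached new hosts {destinations} "
              "between {first} and {last}".format(**alert))
```

The baseline is what keeps routine access quiet; in practice it would be rebuilt from a trailing period of known-good logs, and each alert goes to an analyst for the human review described above.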





Don’t Let Hackers In: Your Company Needs to Enforce 2FA ASAP


There’s no denying it – 2FA is a game-changer. Two-factor authentication (2FA) is a security process that requires a user to provide two different factors to verify their identity. It adds an extra layer of security beyond passwords and is an important tool for companies to use to protect their sensitive information and prevent unauthorized access. In this blog post, we will explore the benefits of 2FA and look at some real-world examples of cyberattacks that could have been prevented or mitigated if 2FA had been used.


What is Two-Factor Authentication (2FA)?


2FA is a security process that requires a user to provide two different factors to verify their identity. These factors typically include something the user knows, such as a password or PIN, and something the user has, such as a security token or mobile device. By requiring two different factors, 2FA ensures that only authorized users can access systems and data, helping to prevent unauthorized access and protect against phishing attacks.


Benefits of Two-Factor Authentication (2FA):


The importance of 2FA cannot be overstated. In today’s digital landscape, cyberattacks are becoming increasingly sophisticated, and it’s becoming more difficult to protect against them. However, by implementing 2FA, companies can significantly reduce the risk of a breach occurring.


There are many benefits to using 2FA to protect sensitive information and prevent unauthorized access. Some of the key benefits include:


Increased Security:

  • 2FA adds an extra layer of security beyond passwords, making it more difficult for attackers to gain access to systems and data. By requiring two different authentication factors, 2FA ensures that only authorized users can access sensitive information, helping to prevent data breaches and other security incidents.

Protection Against Phishing Attacks: 

  • Phishing attacks are a common tactic used by cybercriminals to trick users into revealing their login credentials. 2FA can help protect against phishing attacks by requiring users to provide a second factor of authentication, making it more difficult for attackers to gain access to sensitive information.

Compliance Requirements: 

  • Many regulatory frameworks require the use of 2FA to protect sensitive information. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires merchants who accept credit card payments to use multi-factor authentication for remote access to the cardholder data environment. In addition, some states have passed laws that require companies to implement 2FA in certain situations. For example, the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation requires covered entities to implement multi-factor authentication for access to sensitive data and systems. Internationally, the European Union’s General Data Protection Regulation (GDPR) does not explicitly require companies to implement 2FA, but it does require companies to implement appropriate technical and organizational measures to ensure the security of personal data. The GDPR also requires companies to notify data subjects in the event of a data breach, and 2FA can be an effective means of preventing unauthorized access to personal data. Overall, while there is no universal requirement for companies to implement 2FA, many industries and regulatory bodies recognize its importance in improving security and protecting sensitive data. By implementing 2FA, companies can ensure that they are in compliance with these requirements, helping to avoid potential fines and other penalties.

Trust:

  • Enforcing 2FA builds trust with customers, who will appreciate the additional security measures in place to protect their data. 


Why 2FA isn’t enough sometimes:


The effectiveness of 2FA lies in its deployment, rather than the security measure itself. If any component of the 2FA process is compromised, it can result in a security breach. Traditional methods like phishing and social engineering are now being used to bypass 2FA more and more. As written by Steven J. Vaughan-Nichols, “In short, 2FA can’t stop human stupidity.” 


We all know that cybersecurity is no joke. That’s why 2FA is a must-have tool in any company’s arsenal to safeguard their sensitive information and prevent unwanted visitors from sneaking in. By requiring not just one, but two authentication factors, companies can ensure that only those with the key to the kingdom are granted access to their systems and data. This helps keep everything locked up tight, safe from the prying eyes of cybercriminals. Time and time again, it’s proven to be the hero we need to foil malicious attacks and protect our valuable data.




The Monthly Breach Report: A Recap of April’s Data Breaches


As our world becomes increasingly digitized, businesses are relying more heavily on technology to conduct their operations. Unfortunately, with this greater dependence on digital systems comes a higher risk of cyber attacks. We’ve all heard about the devastating consequences of data breaches – from compromised personal information to stolen funds. Recently, the headlines have been dominated by high-profile breaches that have impacted millions of people worldwide. In this article, we’ll take a deep dive into the top breaches that affected various companies in April 2023. So let’s get started and explore the latest incidents!



  1. T-Mobile just can’t seem to catch a break! T-Mobile has disclosed its second data breach of 2023, affecting 836 customers who had their personal information accessed by hackers for over a month starting in late February. While the number of affected individuals might seem small compared to previous breaches, the amount of exposed data is pretty extensive. The exposed personally identifiable information is extensive and exposes individuals to identity theft and phishing attacks. The stolen information included names, contact details, social security numbers, account numbers, and T-Mobile account PINs, among other data. T-Mobile proactively reset the account PINs and offered affected customers two years of free credit monitoring and identity theft detection services. This is not the first time T-Mobile has suffered a data breach, having disclosed seven other incidents since 2018.

  2. Yum! Brands, the parent company of fast food chains KFC, Pizza Hut, and Taco Bell, has sent out breach notification letters to individuals whose personal information was stolen in a ransomware attack on January 13, 2023. Yum! Brands clarified that some customer data was stolen, but they have no evidence that any of it was exfiltrated. However, the company found out that some individuals’ personal information, including names and driver’s license numbers, was stolen. The ongoing investigation has not found evidence of identity theft or fraud using the stolen data. About 300 restaurants in the UK were shut down as a direct result of the attack, but the company expects no material adverse impact on its business or financial results. Yum! Brands operates over 55,000 restaurants in 155 countries and territories.

  3. Americold, a prominent cold storage and logistics company, is currently facing IT issues after experiencing a network breach. The company contained the attack and is now investigating the incident, which also impacted its operations. Americold estimated that its systems would be down for at least the next week, and it asked customers to cancel inbound deliveries and to reschedule non-critical outbound deliveries. While the company has not provided any attack details, the focus on rebuilding impacted systems and assessing recoverable data suggests a ransomware attack is likely the cause. This is not the first time the company has faced a cyberattack; it experienced another in 2020. Americold owns and operates 245 temperature-controlled warehouses across the globe.

  4. The Kodi Foundation, which operates an open-source media player, disclosed a data breach after hackers stole the organization’s forum database containing user data and private messages and attempted to sell it online. The Kodi forum had roughly 401,000 members who used it to discuss media streaming, exchange tips, offer support, share new add-ons, and more in 3 million posts. Hackers stole the forum database by logging into the Admin console using an inactive staff member’s credentials, then creating and downloading database backups multiple times in 2023. The stolen database contains all public forum posts, staff forum posts, private messages sent between users, and forum member data, including usernames, email addresses, and encrypted passwords. The company writes, “Users must assume their Kodi forum credentials and any private data shared with other users through the user-to-user messaging system is compromised. If you have used the same username and password on any other site, you should follow the password reset/change procedure for that site. Once the Kodi forum comes back online we will provide instructions on how to complete a reset of your Kodi forum password.” The Kodi team is planning a global password reset that will inevitably impact service availability. The team also plans to run penetration tests once everything is up and running again.

  5. Western Digital, a data storage company, recently confirmed that they suffered a “network security incident” where an unauthorized third party gained access to their internal systems on March 26, 2023. The company stated that certain data had been obtained and that they were working to understand the nature and scope of that data. While it is not yet known who was behind the attack, the incident appears to have caused disruptions to the company’s business operations and services, including downing their My Cloud network-attached storage service. Western Digital is currently implementing proactive measures to secure its business operations and investigating the incident with a cybersecurity firm while coordinating with law enforcement.

  6. Yellow Pages Group, a Canadian directory publisher, has been hit by a cyber attack and the Black Basta ransomware and extortion gang has claimed responsibility for it. The ransomware group has posted sensitive documents and data, including customer and employee data, exposing personal information like ID documents, tax documents, sales and purchase agreements, and more. Yellow Pages Group has confirmed the attack and is investigating the issue with the help of external cybersecurity experts to contain the incident. The attack appears to have occurred on or after March 15th, 2023, and the company has been notifying impacted individuals and reporting to the appropriate privacy regulatory authorities. Black Basta ransomware group has been active over the past year, targeting multiple high-profile victims, including Sobeys and Capita, and has been theorized to be a rebrand of the Conti ransomware gang.


Data breaches can have a significant impact on businesses, organizations, and individuals. Not only can they result in the loss of sensitive data, but they can also lead to financial losses, reputational damage, and legal repercussions. In today’s digital landscape, where data is a valuable commodity, it’s crucial that companies take proactive measures to secure their systems and protect their data from cyber threats. To achieve this, companies need to adopt a multi-layered approach to cybersecurity that includes continuous monitoring, regular security assessments, and the implementation of best practices. It’s important to note that companies must have a plan in place to respond quickly and effectively to a data breach if it does occur. This involves having an incident response plan that outlines the steps to take in the event of a breach, including who to notify and how to contain and remediate the issue.


