The thinking behind The Agency.
Insights and analysis on third-party risk management, vendor security, regulatory compliance, and the agentic shift reshaping how TPRM teams actually work.
From the team.
Risk Management
The Importance of Cybersecurity Due Diligence
Cybersecurity due diligence is essential for identifying and mitigating cyber risks from third- and fourth-party vendors, especially during mergers, acquisitions, and insurance assessments. It involves evaluating an organisation’s security posture, identifying vulnerabilities, and continuously monitoring risk through tools like security ratings. Platforms like RiskXchange offer streamlined, real-time solutions to manage and improve cyber risk performance.
Cybersecurity
Understanding the Cyber Risks of the LDAP Protocol
This article provides an in-depth overview of the Lightweight Directory Access Protocol (LDAP), explaining its critical role in directory access and authentication across networks. It highlights LDAP’s integration with Active Directory, its core operations, and common use cases, especially in enterprise environments. The article also explores authentication methods, supported platforms, and the cybersecurity risks associated with LDAP—particularly LDAP injection attacks—while offering practical prevention strategies. Finally, it outlines how RiskXchange enhances LDAP security through real-time risk monitoring and attack surface management.
Risk Management
Vendor Risk Management Audit Checklist
This guide explores the essentials of a Vendor Risk Management (VRM) audit checklist, helping organisations identify, assess, and mitigate third-party risks. It outlines the key components of a successful VRM program—such as an operating model with three lines of defence, vendor risk policies, lifecycle management, and due diligence protocols—ensuring vendors do not become security liabilities. It also highlights how RiskXchange supports organisations with an automated, AI-powered platform to continuously monitor vendors and enforce cybersecurity best practices.
Risk Management
Cybersecurity Threats Impacting the Pharmaceutical Industry
This article explores the top cybersecurity threats impacting the pharmaceutical industry, including ransomware, phishing, third-party vendor risks, IoT vulnerabilities, and employee negligence. As pharmaceutical companies increasingly rely on digital technologies and third-party providers, the need for robust cybersecurity strategies has never been more urgent. RiskXchange offers real-time visibility and risk ratings to help pharmaceutical businesses proactively manage cyber threats and protect sensitive data and intellectual property.
Cybersecurity
How to prevent an enumeration attack
Enumeration attacks are a growing threat in the cybersecurity landscape, especially as businesses increasingly rely on cloud-based applications. These attacks exploit weak login systems by brute-forcing usernames and passwords, often aided by system messages or response time discrepancies. To prevent enumeration attacks, businesses should implement layered defenses such as limiting login attempts, using CAPTCHAs and MFA, deploying web application firewalls (WAFs), masking API responses, and conducting employee cyber awareness training. Strengthening both internal and vendor cybersecurity practices is vital to maintaining business integrity and resilience.
Cybersecurity
How to build a crisis communication plan for cyber threats
A crisis communication plan for cyber threats is essential for every organisation to manage the fallout from potential cyberattacks. These plans help maintain trust, minimise damage to brand reputation, and ensure coordinated internal and external communication. Key steps include identifying likely cyber threats, forming a dedicated crisis communication committee, preparing communication drafts, and prioritising stakeholder outreach. Timely and transparent communication ensures your organisation stays in control during a crisis, safeguarding both business operations and public trust.
Stop reading. Start running TPRM differently.
Book a 30-minute call and we'll have NOVA, ARIA and REX produce a complete posture report on a vendor of your choice inside 24 hours.