Expertise as Social Capital: 4 Unexpected Ways that Expert Access Will Put You Ahead of the Game

by Abigail Raley / March 21, 2024

When I started working at KirkpatrickPrice, I was only a month out of my MFA program. I had been studying poetry for two years, and I was brand new to the cybersecurity auditing world. In fact, I still am. I have questions every day about how to best support our clients, and with the threat landscape constantly evolving, it seems that there are always new problems to solve. KirkpatrickPrice’s founder…

A Bigger, Badder Villain: How to Face the Advanced Threats of AI

by Tori Thurmond / March 21, 2024

Every year in January, the KirkpatrickPrice team gathers in Tampa, FL for one of our biannual team meetings. This week is always a fun one where we get to reunite with our long-distance coworkers and discuss our goals for the new year. This January was no different. We had a great first week of 2024, but by Friday, some of us didn’t want the fun to end. We drove a…

Understanding the Hospital Cyber Resiliency Landscape Analysis

by Hannah Grace Holladay / March 12, 2024

The United States Healthcare and Public Health (HPH) sector is facing a dramatic increase in cyber-attacks that are disrupting patient care and safety.  Hospitals are facing directly targeted ransomware attacks that aim to disrupt clinical operations. According to a new study (linked below) by the U.S. Department of Health and Human Services (HHS), 96% of small, medium, and large sized hospitals claim they are operating with end-of-life operating systems or…

Barbie vs. Oppenheimer: What Barbenheimer Can Teach Us about Risk Management

by Tori Thurmond / March 21, 2024

If you were paying any attention to pop culture last summer, chances are you caught wind of two of the biggest movies of the year being released on the same day last July. Greta Gerwig’s Barbie and Christopher Nolan’s Oppenheimer broke box-office records as movie-lovers flocked to the theaters to see what all of the commotion was about. Some even decided to see both films on the same day, a…

Notes from the Field: CIS Control 15 – Service Provider Management

by Greg Halpin / March 7, 2024

The client I was conducting a gap analysis for had an incredibly detailed Service Provider Management Policy. It required the company compliance team to conduct due diligence on all prospective service providers, including a risk analysis of each. The policy required the compliance team to review the prospective vendor's SOC 2 audit report and research the vendor's financial stability and reputation. The compliance team was to conduct annual reviews of…