Tenchi Security

There was a time when cybersecurity decisions were often shaped by assumptions more than evidence. Today, the problem is almost the opposite: we have more real-world data than ever - and we need to pay closer attention to what it’s telling us. It’s easy to focus on headline-grabbing scenarios like quantum-powered attacks or highly sophisticated nation-state operations. But most breaches still come down to simpler, familiar issues: unpatched systems, exposed credentials, and known vulnerabilities left unresolved. In this short clip from a special bonus episode of the Alice in Supply Chains podcast, the conversation explores what the latest DBIR reveals - and why cybersecurity decisions should be grounded in real-world evidence, not hypothetical scenarios. Watch the clip for more insights, explore the full 2026 Verizon Business DBIR through the link below, and listen to the full episode for a deeper discussion on what this year’s findings mean in practice for TPCRM. Catch the full episode here:  Website: https://lnkd.in/dr4AauFQ Spotify: https://lnkd.in/dXd_D7sV Apple podcasts: https://lnkd.in/d9mM-AtH Amazon Music: https://lnkd.in/dPx7u35N Youtube: https://lnkd.in/deHgXsxN Find the full report here: https://lnkd.in/es4n9-W Tenchi Security's article and analysis on the report: https://lnkd.in/dtEpppx7 #DBIR #Cybersecurity #ThirdPartyRisk #RiskManagement #DataDrivenSecurity #Infosec #TPCRM #TPRM

A Tenchi Security estará presente na 36ª FEBRABAN TECH 2026, o maior evento de tecnologia e inovação do setor financeiro, que acontece entre os dias 24 e 26 de agosto, no Distrito Anhembi, em São Paulo. Visite o estande B-47 para conversar com o nosso time sobre os desafios da gestão de riscos cibernéticos de terceiros - um tema cada vez mais crítico para o setor.  Use nosso cupom C-TENCHI2026 para garantir 10% de desconto na inscrição. Esperamos você! #TPCRM #TPRM #FebrabanTech2026 #ciberseguranca

It's been roughly a week since the 2026 #DBIR came out and I wanted to give a shout out to some of our research partners and data contributors blog posts that I enjoyed reading. Please take some time and check them out. Most of them have a deeper dive on the stories we published in the report that we could not afford the page count to reproduce. Almost no one goes through the 120+ pages we publish, imagine if the report was twice that size! Here they are, in no particular order: Qualys: https://lnkd.in/gikqa5iw Tenchi Security: https://lnkd.in/gNhFNcRa Tenable: https://lnkd.in/gh7tvxKk Fastly: https://lnkd.in/gEdZ-p5n Empirical Security: https://lnkd.in/gntxquY5 Did I miss yours? Of course I did. Please post them in the comments so everyone can enjoy reading them!

Want to stay up to date on the key news, trends, and discussions shaping TPCRM worldwide? Alice in Supply Chains is a monthly newsletter created for professionals who want to closely follow the evolution of third-party cyber risk management. Based on global news, it delivers a curated view of what is truly driving change across the landscape. With 45 issues  published so far, it covers: • Key incidents and real-world cases across the cyber risk landscape • Emerging trends and shifts in the industry • Regulatory updates and their impact on organizations Join more than 15,700 professionals already following the newsletter on LinkedIn - subscribe through the link below! https://lnkd.in/dSjFezZv #TPCRM #TPRM #CyberNews #CyberNewsletter #SupplyChain #cybersecurity

Quer ficar por dentro das principais notícias, tendências e discussões sobre TPCRM no mundo? Alice in Supply Chains é uma newsletter mensal dedicada a profissionais que querem acompanhar de perto a evolução da gestão de riscos cibernéticos de terceiros. A newsletter é baseada em notícias e acontecimentos globais sobre o tema, trazendo uma curadoria do que realmente está movimentando o mercado. Já são 45 edições publicadas, com: • Incidentes e casos relevantes do cenário de riscos cibernéticos • Tendências e movimentações do setor • Regulamentações e impactos para as empresas Junte-se a mais de 15.700 profissionais que já seguem a newsletter no LinkedIn. Inscreva-se no link abaixo e acompanhe as próximas edições! https://lnkd.in/dSjFezZv #TPCRM #TPRM #CyberNews #ciberseguranca #cybersecurity

The 2026 Data Breach Investigations Report (DBIR) highlights an important challenge for security teams: not all identified issues are remediated at the same pace. According to the data, around 50% of MFA-related findings are resolved within the first 7 days. Privilege management issues tell a different story - nearly 45% remained open after a year. The contrast is significant. The report indicates that visibility alone isn’t enough. How quickly organizations move from detection to remediation may be a stronger measure of resilience, especially in increasingly complex cloud and SaaS environments. In this short clip, Alex Pinto, from Verizon Business - and one of the responsibles for the DBIR - joined Alexandre Sieira on the Alice in Supply Chains podcast to break down what the latest report, launched last week, reveals about remediation timelines, exposure management, and why authentication and privilege controls continue to be critical in cloud and SaaS environments. Watch the clip for a preview of the discussion, explore the full 2026 Verizon DBIR through the link below, and listen to the full episode for deeper insights into this year’s findings and their implications for TPCRM. Find the podcast here:  Website: https://lnkd.in/dr4AauFQ Spotify: https://lnkd.in/dXd_D7sV Apple podcasts: https://lnkd.in/d9mM-AtH Amazon Music: https://lnkd.in/dPx7u35N Youtube: https://lnkd.in/deHgXsxN Find the full report here: https://lnkd.in/es4n9-W Tenchi Security's article and analysis on the report: https://lnkd.in/dikScfDb Link for the full report: https://lnkd.in/es4n9-W #DBIR #TenchiSecurity #TPCRM #TPRM #Cybersecurity

Most TPCRM programs look mature on paper. Documents like questionnaires, reassessments, security ratings, dashboards… everything appears under control. Yet third-party breaches continue to grow fast. The latest Verizon DBIR shows third-party involvement in breaches rising from 15% in 2024 to 48% in 2026. Why? Because many organizations still assess vendors without fully understanding how their services actually operate. Modern third-party risk lives inside: → SaaS integrations → OAuth trust relationships → Identity dependencies → Subcontractor chains → Hidden Nth-party exposure When TPCRM teams lack this operational visibility, assessments become compliance exercises instead of real risk reduction. In our latest article, Fernanda Lopes explores why the biggest hidden risk in TPCRM may be the capability gap inside the teams running the program and why organizations investing in continuous monitoring and deeper technical understanding will lead the next generation of third-party cyber risk management. Read the full article to learn more! 👇 https://lnkd.in/dbyktG46 #CyberSecurity #TPRM #TPCRM #ThirdPartyRisk #VendorRiskManagement #DBIR #SupplyChain

A maioria dos programas de TPCRM parece madura no papel. Alguns documentos como questionários, reavaliações, scores de segurança, dashboards… tudo aparenta estar sob controle. Ainda assim, os incidentes envolvendo terceiros continuam crescendo rapidamente. O mais recente relatório DBIR da Verizon mostra que o envolvimento de terceiros em violações passou de 15% em 2024 para 48% em 2026. Por quê? Porque muitas organizações ainda avaliam fornecedores sem compreender totalmente como seus serviços realmente operam. Hoje, o risco de terceiros está presente em: → Integrações SaaS → Relações de confiança via OAuth → Dependências de identidade → Cadeias de subcontratação → Exposição oculta de Nth parties (cadeia de suprimentos estendida) Quando as equipes de TPCRM não têm essa visibilidade operacional, as avaliações se tornam exercícios de compliance em vez de iniciativas reais de redução de risco. Em nosso artigo mais recente, Fernanda Lopes explora por que o maior risco oculto no TPCRM pode estar na lacuna de capacitação das próprias equipes que operam o programa, e por que organizações que investem em monitoramento contínuo e em uma compreensão técnica mais profunda estarão à frente na próxima geração da gestão de riscos cibernéticos de terceiros. Confira o conteúdo completo👇 https://lnkd.in/dmaV5xqD #Ciberseguranca #TPRM #TPCRM #RiscosdeTereceiris #CadeiadeSuprimentos #SupplyChain #DBIR

Quer ficar por dentro das principais notícias, tendências e discussões sobre TPCRM no mundo? Alice in Supply Chains é uma newsletter mensal dedicada a profissionais que querem acompanhar de perto a evolução da gestão de riscos cibernéticos de terceiros. A newsletter é baseada em notícias e acontecimentos globais sobre o tema, trazendo uma curadoria do que realmente está movimentando o mercado. Já são 45 edições publicadas, com: • Incidentes e casos relevantes do mercado • Tendências e movimentações do setor • Regulamentações e impactos para as empresas Junte-se a mais de 15.700 profissionais que já seguem a newsletter no LinkedIn. Inscreva-se e acompanhe as próximas edições! https://lnkd.in/dSjFezZv

Third-party involvement in breaches increased from 30% to 48% in the latest Verizon Data Breach Investigations Report - meaning nearly half of reported breaches now involve a third-party at some point in the breach process. Tenchi Security was one of this year’s contributors to the report, and one trend stands out: risk increasingly accumulates not only in exposures themselves, but in how vulnerabilities are managed and remediated over time. What’s behind that jump? In this short clip from a recent bonus DBIR episode of the Alice in Supply Chains podcast, Alex Pinto from Verizon Business (and one of the DBIR authors) discuss why “third-party involvement” is broader than many teams assume - and what may actually be driving this rise. One takeaway stands out: as vulnerability exploitation becomes a larger part of the picture, mature Third-Party Cyber Risk Management (TPCRM) cannot rely solely on questionnaires. Understanding how vendors handle vulnerabilities and remediation increasingly matters just as much. Explore the full 2026 Verizon DBIR through the link below, and listen to the full episode for a deeper discussion on this year’s findings and what they mean in practice for TPCRM. Watch the full episode here:  Website: https://lnkd.in/dr4AauFQ Spotify: https://lnkd.in/dXd_D7sV Apple podcasts: https://lnkd.in/d9mM-AtH Amazon Music: https://lnkd.in/dPx7u35N Youtube: https://lnkd.in/deHgXsxN Tenchi Security's article and analysis on the report: https://lnkd.in/dtEpppx7 Link for the full report: https://lnkd.in/es4n9-W #DBIR #TenchiSecurity #TPCRM #TPRM #CyberPodcast #SupplyChain #ThirdPartyData