Transport Layer Security (TLS) provides security for internet communications. TLS is the successor to the now-deprecated Secure Sockets Layer (SSL), but it is common for TLS and SSL to be used as synonyms for the current cryptographic protocols that encrypt digital communications through public key infrastructure (PKI).

A HIPAA (Health Insurance Portability and Accountability Act) questionnaire is essential for evaluating third-party vendors for healthcare organizations to ensure they follow HIPAA regulations and standards. As one of the most breached industries, it is vastly important for healthcare organizations to send out comprehensive security questionnaires to properly assess their vendors’ risks and determine a plan of action on how to remediate those risks or potentially end the business partnership.

Subdomain takeovers pose a significant and often overlooked threat to website security. In today's digital age, almost every business has a website to promote, inform, and provide resources to visitors. Websites that use multiple subdomains risk exposing themselves to cyberattacks. Subdomain takeovers can lead to data breaches and reputational damage. However, these risks can be minimized with the right strategies, and your organization can stay protected.

A post-data breach questionnaire is essential for evaluating the impact of a third-party breach on your organization. This due diligence also ensures complaints with expanding data breach protection standards sweeping across government regulations. This post outlines a template to inspire the design of your security questionnaire for vendors that have suffered a data breach or similar security incident. Learn how UpGuard streamlines Vendor Risk Management >

Whether you're expanding use cases, adding new vendors, or scaling the scope of your offerings, you need to keep apprised of potential security risks impacting your organization. UpGuard has added the SIG Lite questionnaire to our Questionnaire Library, making SIG available to help UpGuard customers evaluate third-party risks and potential vulnerabilities in your vendors' security policies.

Network segmentation or segregation is a network architecture practice used by network security personnel to divide an organization’s computer network into smaller subnets. Each subnet or network segment forms its own smaller network. By segmenting an organization’s network, personnel can better control the traffic flow between subnets, improve security policies, and make it more challenging for unauthorized users to access sensitive data and critical parts of the network.

Every website needs to be set up with a cloud service provider, but what about your other CSP: Content Security Policy? The Content Security Policy (CSP) is a standard provided in an HTTP response header that helps prevent cross-site scripting attacks (XSS), clickjacking, packet sniffing, and malicious content injection on the client side of your web page. Configuring the header will enable a CSP with the directives you supply to control how a user agent loads resources on your site.

‍Cybersecurity has become crucial for businesses and government entities in today's ever-changing digital landscape. While various frameworks and guidelines are available, the Australian Signals Directorate's "Essential Eight" is an effective and practical approach to strengthening an organization’s security against cyber attacks and threat actors.

When organizations hear “third-party risk management,” they often consider the processes needed to mitigate risks when working with a third-party vendor. These can include procurement risks and risks associated with starting new vendor relationships, often referred to as "onboarding,”—but what about when a working relationship ends?

Cisco has released a Product Security Incident Response Team (PSIRT) advisory regarding a zero-day vulnerability in the web UI feature of Cisco IOS XE software. Cisco has stated that the web-based user interface should never be accessible through the public internet, yet research indicates that more than 10,000 Cisco devices have been exploited by an unknown threat actor. This critical vulnerability is being tracked as CVE-2023-20198 and is currently undergoing investigation for active exploitation.

The Sender Policy Framework (SPF) is an email authentication protocol that specifies email authorization through Domain Name System (DNS) records. When an email is sent through the Simple Mail Transfer Protocol (SMTP), there is no requirement for authorized messages, which means that spammers can forge your domain in their phishing attacks.

Cybersecurity is becoming a growing priority for organizations, as daily news headlines feature large-scale data breaches due to unauthorized access and ransomware attacks dismantling systems across the globe. The last thing an organization wants is to become the next headline because its poor cybersecurity posture left it vulnerable to hackers. Cybersecurity audits meticulously analyze and report on an organization’s security program, helping them identify weak points that need addressing.

Today’s rapidly evolving digital world requires organizations to build a robust cybersecurity plan to safeguard internal infrastructures and oversee third-party vendors' cyber health. The Essential 8 is a cybersecurity framework developed by the Australian Signals Directorate designed to help organizations protect themselves against different cyber risks.

In the past, passwords alone were considered an effective security measure for protecting user accounts and deterring cybercriminals. Motivated by the increased threat of data breaches and other cyber attacks, the cybersecurity industry has since evolved from relying on passwords to favoring more robust authentication methods, such as multi-factor or two-factor authentication (2FA).

A vendor risk report provides stakeholders with a snapshot of your Vendor Risk Management (VRM) performance. With concerns over the threat of supply chain attacks growing, cybersecurity reporting is evolving towards an increased focus on Vendor Risk Management program performance. Board members and senior management want to know how effectively your VRM initiatives are identifying and addressing vendor-related security risks.

A cybersecurity report shouldn’t be feared. Instead, it should be regarded as an opportunity to demonstrate the effectiveness of your cybersecurity program, and while management is brimming with delight over your efforts, maybe also a chance to sneak in a request for that cyber budget increase.

Organizations utilize hundreds, sometimes thousands, of vendors to handle their day-to-day production, workflow, and business processes. With this many vendors, it’s easy for details to fall through the cracks and miscommunication to occur. Organizations often turn to vendor management systems to help manage multiple vendor relationships throughout a vendor lifecycle.

Your board of directors expects to be regularly updated about your data breach prevention efforts, but board members often lack the necessary technical insight to understand the cyber risk mitigation processes making up your cybersecurity posture. CISOs are tasked with bridging the gap between awareness of your organization’s security efforts and stakeholder KPIs with the support of an invaluable tool - a cybersecurity board report.

In today's digital age, protecting sensitive information is crucial, and the need for robust Information Security Management Systems (ISMS) has become urgent due to the prevalence of data breaches and cyber threats. ISO 27001 is a leading international standard that regulates data security and privacy through a code of security practices for information security management.

When ChatGPT, a generative AI chatbot developed by OpenAI, was introduced in November 2022, the digital world changed forever. Endless questions and even more speculation surrounded the release, and most industries, including cybersecurity, were divided on the tool’s value. The advocates quickly prophesized how artificial intelligence would improve their daily decision-making and elevate their understanding of complex concepts.

External attack surface management (EASM) is the continuous exercise of managing cybersecurity risks associated with an organization’s external-facing digital assets. The process includes monitoring, identifying, reducing, and mitigating risks present across an organization’s external attack surface.

WebP is an open-source image format developed by Google. WebP enables higher quality images in smaller file sizes. The package, released by Google, encodes and decodes images in WebP format and is used widely across the internet for lossless image compression.

A Remote Access Trojan (RAT) is a type of malware that enables an attacker to gain remote access over an infected system. Once a machine is compromised by a Remote Access Trojan, your system is at high risk of covert surveillance, data exfiltration, and other methods of malicious remote compromise. This article defines what a Remote Access Trojan (RAT) is and how you can take action to protect your system with UpGuard BreachSight.