The U.S. Treasury, also known as the Department of the Treasury, manages the finances of the U.S. government. This department has various duties, including maintaining the economic stability of the United States, managing government finances, and implementing policy decisions that impact both domestic and international affairs. Like most large organizations, the U.S.

The U.S. General Services Administration (GSA) is an independent agency that helps manage and support the basic functioning of federal agencies. The GSA supplies products and communications, provides transportation and office space, and oversees the government’s real estate portfolio, among other management tasks.

In mid-March, UpGuard welcomed security professionals from APAC, EMEA, India, and the U.S. to participate in the first UpGuard Summit of 2024. This quarter’s event focused on third-party risk management (TPRM), specifically addressing how organizations can scale their TPRM programs to meet their evolving needs and defend their growing attack surfaces.

The European Union (EU) Artificial Intelligence Act is a key landmark legislation that represents one of the first laws to go into effect regarding the application and use of artificial intelligence (AI) technology. This historic regulatory framework was created to govern the use, development, and deployment of AI systems within the EU and establish an operational cyber framework for businesses.

Email makes modern communications work. We use email for keeping in touch with friends and family, organizing business activities, and tracking a variety of other needs. But how does email actually work and why do you get so many spam emails? That all comes down to email messaging protocols.

As the primary financial services regulator of the Cayman Islands, the Cayman Islands Monetary Authority (CIMA) is responsible for managing and protecting the assets of all Cayman Islands banks, which includes its cybersecurity and risk management strategies. CIMA does this mainly through the Rule and Statement of Guidance – Cybersecurity for Regulated Entities, which establishes regulatory laws and guidelines to safeguard the security posture of its regulated entities.

India’s healthcare system finds itself at a critical crossroads, struggling to navigate challenges of accessibility, affordability, and quality by pursuing rapid digitization. While this digital transformation provides extensive benefits ranging from greater efficiency to improved quality of care, it also increases the amount of sensitive patient data healthcare organizations store electronically, escalating concerns regarding data privacy and protection.

The online platform industry is growing exponentially as more organizations and individuals turn to digital resources for everyday needs. In 2022, the European Union introduced the Digital Markets Act (DMA), a groundbreaking piece of legislation to curb monopolistic practices of major online platforms while promoting fair competition across the highly saturated European market.

The Public Governance, Performance and Accountability Act 2013 is a key piece of legislation that establishes a framework of governance, performance, and accountability for Australian government and Commonwealth organizations. The PGPA Act’s main goal is to ensure that all government bodies practice effective management of public resources and are transparent in their activities.

The General Data Protection Regulation (GDPR) is a comprehensive data protection law covering the European Union (EU) and is widely regarded as one of the world’s strictest privacy regulations. The GDPR unifies data regulation within the EU and provides individuals control over their personal data. The GDPR includes information about Data Protection Officers (DPOs).

As organizations and businesses undergo digital transformations, so do criminals and other nefarious actors. In today’s modern era, criminal activity frequently occurs online through digital communication channels, providing avenues for phishing, data loss, and security breaches.

Smart homes, connected cars, and smart watches: these are examples of consumer-focused devices in the Internet of Things (IoT). But the Internet of Things extends beyond consumer use as new technologies are implemented in industrial settings and critical infrastructure. With the continuing development of the Internet of Things come new attack surfaces and cybersecurity risk directly related to the IoT.

A vendor risk assessment is a critical element of performing due diligence, helping you vet potential vendors effectively and efficiently during the procurement process and throughout the vendor lifecycle. A thorough risk assessment should help you identify, mitigate, and manage the risks associated with your vendors to ensure you remain compliant, maintain a strong security posture, and avoid a costly third-party data breach.

The United States Department of Veterans Affairs (VA) is a federal agency that provides comprehensive healthcare services, benefits, and support to military veterans and their families. The VA operates a nationwide system of hospitals, clinics, and benefits offices focused on ensuring the health, welfare, and dignity of those who served in the United States armed forces.

The telecommunications sector provides critical infrastructure for many countries, enabling the exchange of information across various industries. Due to the widespread use of digital information in telecommunications, the sector has become a prime target for cyber threats from hackers, state actors, and cyber criminals. In 2023, telecommunications experienced higher credential stuffing rates than other sections, according to F5.

Despite best efforts to accommodate third-party risk management (TPRM) processes that correspond with increased use of third-party vendors, incident outcomes seem to grow as well. The 2023 global average cost of a data breach was USD $4.45M, a 2.3% year over year increase. In the United States, the average cost of a breach is higher at USD $9.48M.

The rise of remote learning has motivated cybercriminals to advance their assault on the education sector. In 2022, cybercriminals deployed more than 2200 attacks against higher education institutions every week, a 44% increase compared to 2021 (Check Point, 2022). Risk professionals attribute this increase to various factors, including the structure of remote learning environments.

Like most high-performing organizations, higher education institutions often utilize third-party vendors to outsource key services, such as data management and research initiatives. This reliance on third-party vendors can lead to various risks, including data privacy vulnerabilities, compliance issues, and operational disruptions. Therefore, universities must implement advanced vendor management processes to mitigate these risks.