Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

UpGuard is excited to announce the latest addition to our Vendor Risk Questionnaire Library: the DORA (Digital Operational Resilience Act) questionnaire! The addition of DORA to the Questionnaire Library reflects UpGuard’s ongoing commitment to providing our customers with the necessary tools to navigate today’s evolving regulatory standards.

In an era where data breaches and privacy concerns dominate headlines, regulatory frameworks like India’s Digital Personal Data Protection Act, 2023 (DPDP) have become indispensable. The DPDP Act safeguards the privacy of individuals by regulating how organizations operating in India can collect, process, and store personal data. Landmark regulations like the DPDP Act are essential for enhancing data security.

In late July 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities (CVE-2024-4789 and CVE-2024-5217) affecting ServiceNow to its list of known exploited vulnerabilities. These vulnerabilities can allow unauthenticated users to execute code remotely, posing severe risks to organizations that use the platform. The potential for unauthorized access and severe data breaches makes addressing these vulnerabilities crucial.

Vendor risk monitoring is the process of continuously identifying, assessing, and managing security risks associated with third-party vendors. This effort is crucial to a successful Vendor Risk Management program as it ensures an organization’s third-party risk exposures remain within acceptable levels throughout each vendor's lifecycle.

The effectiveness of your entire Vendor Risk Management program is contingent on your vendor risk monitoring capabilities. Insufficient vendor security monitoring that fails to detect cyber risks during onboarding or any new cybersecurity risks throughout the vendor lifecycle will inevitably emerge later on as a major breach risk. To help you choose a vendor risk monitoring solution that will maximize your VRM investment, this post ranks the top eight vendor monitoring platforms on the market in 2024.

In 2024, the Australian government introduced PSPF Direction 001-2024 in recognition of the potential threats posed by Foreign Ownership, Control, or Influence (FOCI) on technology assets and GovTech (government technology operations). As part of the Protective Security Policy Framework (PSPF), PSPF 001-2024 is a crucial step in evaluating and mitigating cyber risks associated with foreign interference in the procurement and maintenance of technology assets.

The General Data Protection Regulation (GDPR), introduced by the European Union in 2018, has not only set a new benchmark for data privacy but has also significantly impacted global data protection frameworks. Its comprehensive and stringent requirements have prompted countries worldwide, such as India, to reevaluate and enhance their data protection laws. In recent years, India has been actively working on enhancing its data protection regulations, drawing considerable influence from the GDPR.

The 2024 CrowdStrike Incident blue-screened Microsoft computers worldwide, causing significant disruptions to high-profile industries such as transportation, healthcare, and financial services. Now that the world has largely recovered, the most forward-minded chief information security officers (CISOs) are focusing on using the incident as an opportunity for continuous improvement. How can they prevent similar incidents from having such a disastrous impact on their organization in the future?

The 2024 CrowdStrike incident caused blue screens of death (BSOD) on Microsoft Windows devices worldwide, severely disrupting operations across essential industry sectors.