Continuous threat exposure management (CTEM) is a formal program to manage cyber risk that allows organizations to enhance and optimize their overall cybersecurity posture. As outlined by Gartner, CTEM offers a cyclical approach to finding and mitigating threat exposure—which is the accessibility and exploitability of digital and physical assets—in an ongoing, proactive, and prioritized way.

You understand the importance of a Vendor Risk Management strategy in mitigating the impact of third-party data breaches. However, you’re still unsure about its application to different vendor cyber risk contexts. To help you bridge this application gap and leverage the complete benefits of a Vendor Risk Management process, this post outlines three common examples of vendor security risks and how a VRM program could be tailored to address them. Learn how UpGuard streamlines Vendor Risk Management >

Device Authority, an award-winning and recognized global leader in Identity and Access Management (IAM) for Enterprise IoT ecosystems has appointed Richard Seward as Vice President of Product Management to drive forward the company’s growing portfolio of innovative products under its KeyScaler platform.

The highly competitive digital setting that we have today requires modern software applications to serve as the foundation of business operations, communication, and service innovation. However, this agility has some risks since outsourcing part of application development to external tools and libraries implies that the organization can unintentionally introduce vulnerabilities that cybercriminals can use against them.

As we navigate through an era increasingly dominated by artificial intelligence, the theme of RSAC 2024, “The Art of the Possible,” couldn’t be more apt. This year, Zenity, a trailblazer in securing and governing business productivity tools like Copilot for M365, Power Platform, Salesforce, and ServiceNow, highlighted the vast possibilities—and the associated risks—of democratized technology and software development.

Vendor Risk Assessment processes form the core of a Vendor Risk Management program. As such, the efficiency of a VRM program is ultimately dependent on the design of its risk assessment processes. This post guides you through the design of an efficient vendor risk assessment framework in six steps. By implementing this framework, you can establish an efficient risk assessment workflow built upon a scalable process foundation. Learn how UpGuard streamlines vendor risk assessments >

Privilege escalation in AWS refers to the unauthorized elevation of user privileges within the AWS environment, allowing users to access resources and perform actions beyond their intended level of permissions. This security risk would arise in case the attackers utilize the vulnerabilities or misconfigurations in AWS services, IAM policies, or access controls to take up privileges above the current level.

When thinking about which industries get targeted most often in ransomware attacks, many people think that large healthcare and financial institutions would be at the top of the list. Most people don’t associate cyber attacks with K-12 schools. However, a recent cybersecurity report noted that lower education, or K-12 schools, is the single most targeted industry for ransomware attacks, with 80% of schools reporting a ransomware attack in 2023.

If you’re new to vendor risk assessments, this article includes a real-life example of service provider risk assessment, helping you understand their structure and the details they entail. Learn how UpGuard streamlines vendor risk assessments >