Economic pressures have been leading to greater budget scrutiny and justification of resources for cybersecurity teams. Boards are asking harder questions around cyber risk and exposure. Not only are CISOs working hard to justify and measure their program, they’ve had to become more data-driven in the way they align investments towards company outcomes and business objectives.

On June 20th, 2024, the Department of Commerce's Bureau of Industry and Security (BIS) announced the prohibition of Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from directly or indirectly providing anti-virus software and cybersecurity products or services in the U.S. or to U.S. persons. The prohibition also applies to Kaspersky Lab, Inc.’s affiliates, subsidiaries, and parent companies.

Continuing our interview series with influential figures in the technology sector, we are pleased to welcome Shannon Walker, Executive VP of Strategy at Case IQ, a workplace investigation tool that provides comprehensive risk management features for businesses around the world.

For many teams, managing governance, risk, and compliance (GRC) is still a very manual process. As a security leader, you might be wondering how to future-proof and scale your GRC program when so much of your team’s time is spent on collecting screenshots or copying and pasting information from one spreadsheet to another. ‍ The future of GRC management doesn’t have to be more of the same though.

Protecting an organization’s network perimeter has become increasingly complex. Traditional firewalls, once the cornerstone of network security, are now being supplemented and often replaced by more advanced solutions known as Next-Generation Firewalls (NGFWs). At Obrela, we believe in leveraging cutting-edge technologies to safeguard digital assets, and understanding the differences between traditional firewalls vs NGFWs is crucial for any robust security strategy.

The SWIFT Customer Security Controls Framework (CSCF) is a key global cybersecurity framework that provides recommended and mandatory security controls for banking institutions that use the SWIFT banking system. The framework is designed to help financial institutions improve their cyber resilience and ensure that participants within the SWIFT network adhere to a stringent set of security compliance standards. Find out how UpGuard helps the financial services industry meet compliance standards >

In today's world, where cyber threats are increasingly sophisticated, organizations must take strong security measures to protect sensitive data and maintain operational integrity. One effective way to show your dedication to cybersecurity is by obtaining Cyber Essentials certification. This government-backed scheme in the UK helps organizations implement essential security controls to defend against common online threats.

Modern business operations have become synonymous with outsourcing to vendors, as essentially every business relies on at least a few third-party partnerships to improve efficiency and enhance capabilities. However, these partnerships also present various cybersecurity risks that can negatively impact an organization’s performance, reputation, and compliance with industry regulations and standards. To mitigate these risks, organizations must develop a robust Vendor Risk Management (VRM) process.

The General Data Protection Regulation (GDPR) is one of the world's most stringent data protection laws, designed to safeguard individuals' personal data in Europe. Since its implementation in May 2018, GDPR has significantly impacted how organizations collect, store, and process personal data. Noncompliance with GDPR can lead to severe penalties, including hefty fines and reputational damage, making it imperative for organizations to understand and adhere to its requirements.

As the NIS2 Directive reshapes the cybersecurity landscape across Europe, a key focus for organisations is understanding and managing their critical suppliers. The directive mandates heightened scrutiny and tighter controls around these essential entities, underscoring their importance in your overall cybersecurity strategy. But the pivotal question remains: How do you determine who qualifies as a 'critical supplier'?