Historically, IT and OT have operated in separate worlds, each with distinct goals and protocols. IT, shaped by the digital age, has always emphasized the protection of data integrity and confidentiality. In this space, a data breach can lead to significant consequences, making it crucial to strengthen digital defenses. On the other hand, OT, a legacy of the Industrial Revolution, is all about ensuring machinery and processes run without interruptions.

This post is part of an ongoing series where you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the team’s approach to keeping Vanta—and most importantly, our customers—secure. In today’s post, you’ll hear from Rob Picard, who leads Vanta’s Security team, and Matt Cooper, who leads Vanta’s Privacy, Risk, & Compliance team. ‍

With many nuances to consider, adhering to the General Data Protection Regulation (GDPR) requirements can be a daunting task. After all, the entirety of the GDPR consists of a whopping 99 Articles. Fortunately, by following a GDPR security checklist, you can help your organization ensure that all required facets of data security are covered without sifting through pages and pages of legalese.

Bitsight was recently named an Overall Leader in the 2023 KuppingerCole Analyst AG Leadership Compass for Attack Surface Management. The report—which provides an overview and comparison of relevant vendors in defined segments—also identified Bitsight as a leader in several other categories, including Product Leader, Innovation Leader, and Market Leader. To read the in-depth report analysis, download your free copy here.

Third-party cyber risk is now one of the biggest threats today, according to many CISOs. Security leaders point to the fact that many of the recent major breaches have been a result of a single software supply chain vulnerability: SolarWinds, Log4j, and MOVEit, just to name a few.

ISO 31010 is a supplementary document to the risk management standard ISO 31000. It was developed to support the risk assessment process in ISO 31000, outlining different risk assessment techniques to broaden the scope of an organization’s risk evaluation methods. This post offers a comprehensive overview of ISO/IEC 31010, highlighting the standard’s potential to increase the effectiveness of risk management strategies. Learn how UpGuard streamlines Vendor Risk Management >

Third-party data breaches can happen at any time to any organization. This type of breach occurs when a vendor (or some other business partner) holding your company’s data suffers a breach, and your data is exposed. According to the Verizon 2022 Data Breach Investigations Report, 62 percent of all data breaches happen via third-party vendors.

SmokeLoader is a well-known malware family that has been around for more than 10 years. Its main purpose is to download and drop other malware families. However, SmokeLoader's operators also sell plugins that add capabilities to the main module. Those plugins allow an affiliate to collect browser data from infected computers, as well as emails, cookies, passwords, and much more. In this blog post, we'll dissect SmokeLoader's plugins that were received by an infected computer from the botnet "0020".

In today’s digital age, where businesses rely heavily on technology and data, the risk of cyberattacks and data breaches has become a constant concern. These incidents can lead to significant financial losses, damage to a company’s reputation, and even legal liabilities. To mitigate these risks, many businesses turn to cyber liability insurance. But what exactly is the cost of cyber liability insurance, and how do insurers determine it?

One of the most common ways that hackers target organizations is by exploiting vulnerabilities in outdated software. Outdated software risks can leave you open to a variety of hacks, including ransomware, malware, data breaches, and more. The fact is, failing to update your software doesn’t just mean you’re missing out on the latest version—it means you could expose your organization to major security vulnerabilities, like the widespread Apache Log4j2 vulnerability.