ISO 31010 is a supplementary document to the risk management standard ISO 31000. It was developed to support the risk assessment process in ISO 31000, outlining different risk assessment techniques to broaden the scope of an organization’s risk evaluation methods. This post offers a comprehensive overview of ISO/IEC 31010, highlighting the standard’s potential to increase the effectiveness of risk management strategies. Learn how UpGuard streamlines Vendor Risk Management >

Third-party data breaches can happen at any time to any organization. This type of breach occurs when a vendor (or some other business partner) holding your company’s data suffers a breach, and your data is exposed. According to the Verizon 2022 Data Breach Investigations Report, 62 percent of all data breaches happen via third-party vendors.

SmokeLoader is a well-known malware family that has been around for more than 10 years. Its main purpose is to download and drop other malware families. However, SmokeLoader's operators also sell plugins that add capabilities to the main module. Those plugins allow an affiliate to collect browser data from infected computers, as well as emails, cookies, passwords, and much more. In this blog post, we'll dissect SmokeLoader's plugins that were received by an infected computer from the botnet "0020".

In today’s digital age, where businesses rely heavily on technology and data, the risk of cyberattacks and data breaches has become a constant concern. These incidents can lead to significant financial losses, damage to a company’s reputation, and even legal liabilities. To mitigate these risks, many businesses turn to cyber liability insurance. But what exactly is the cost of cyber liability insurance, and how do insurers determine it?

One of the most common ways that hackers target organizations is by exploiting vulnerabilities in outdated software. Outdated software risks can leave you open to a variety of hacks, including ransomware, malware, data breaches, and more. The fact is, failing to update your software doesn’t just mean you’re missing out on the latest version—it means you could expose your organization to major security vulnerabilities, like the widespread Apache Log4j2 vulnerability.

Businesses of all sizes are increasingly reliant on technology to conduct their operations efficiently. While technology offers numerous benefits, it also exposes organizations to a growing threat—cyber attacks (or cyberattacks). As the frequency and sophistication of cyber threats continue to rise, businesses are turning to a crucial safeguard: cyber attack insurance.

Earlier this summer, the internet was taken by storm by three critical vulnerabilities affecting MOVEit Transfer, a file-transferring software solution widely used by high-profile companies to store and share, in some cases, even the most sensitive business information.

Today’s uncertain economy has presented an array of problems to organizations of every size and across all industries. In the world of tech titans alone, 70,000 jobs have been lost over the past year. It’s safe to say that businesses have laid off and lost talented and experienced professionals from their rosters. We feel losing talent more acutely in cybersecurity and privacy as risk of cyberattacks and breaches may cost the global economy $10.5 trillion annually by 2025.

The use of third-party apps (also known as “connected apps”, “cloud to cloud apps”, “OAuth apps”) are apps developed by external and internal developers or organizations that can interact with and extend the functionality of a primary SaaS App. These are growing exponentially across organizations.

There’s no such thing as one-size-fits-all cybersecurity. Every organization faces a unique set of security risks, and needs to take its own unique approach to cybersecurity risk assessment. Unfortunately, however, cybersecurity risk assessments aren’t easy to undertake, and getting started can be the most challenging part of your risk management strategy. To help, we’ll take you through the process step by step.