Risk Management

A Guide to Vendor Risk Management Reporting in 2024

Jun 6, 2024 By Edward Kost In UpGuard

Vendor Risk Management encompasses a wide range of cybersecurity risk factors. As such, a VRM report design could range from highly detailed to concise, depending on the specific reporting requirements of stakeholders and the board. This list represents the most comprehensive scope of third-party risk management information to fit the broadest range of VRM reporting use cases.

Read Post

UpGuard

Read more about A Guide to Vendor Risk Management Reporting in 2024

Generative AI: Productivity Dream or Security Nightmare

Jun 5, 2024 By Frederick Coulton, Head of Product In CultureAI

The field of AI has been around for decades, but its current surge is rewriting the rules at an accelerated rate. Fuelled by increased computational power and data availability, this AI boom brings with it opportunities and challenges. AI tools fuel innovation and growth by enabling businesses to analyse data, improve customer experiences, automate processes, and innovate products - at speed. Yet, as AI becomes more commonplace, concerns about misinformation and misuse arise. With businesses relying more on AI, the risk of unintentional data leaks by employees also goes up.

Read Post

CultureAI

Read more about Generative AI: Productivity Dream or Security Nightmare

7 Types of exposures to manage beyond CVEs

Jun 5, 2024 By Vanessa Jankowski In BitSight

As cybersecurity leaders try to get ahead of threats to their organization, they're increasingly seeking ways to get off the hamster wheel of chasing countless CVEs (common vulnerabilities and exposures). The brass ring that most CISOs reach for today is prioritization of exposures in their infrastructure (and beyond), so their teams can focus on tackling the ones that present the greatest risk. In some cases, the highest priority exposures will still be critical CVEs on mission critical assets.

Read Post

BitSight

Read more about 7 Types of exposures to manage beyond CVEs

Ultimate Guide to Vendor Risk Scoring

Jun 5, 2024 By Kyle Chin In UpGuard

Vendor risk scoring is a critical component within vendor risk management (VRM) or third-party risk management (TPRM) programs and an organization’s overall risk management strategy. Risk scoring is an integral tool in the risk assessment process, helping organizations identify, evaluate, and mitigate potential risks associated with third-party vendors or service providers.

Read Post

UpGuard

Read more about Ultimate Guide to Vendor Risk Scoring

UpGuard Summit May 2024 Recap: Automated TPRM

Jun 5, 2024 By Nicholas Sollitto In UpGuard

The second UpGuard Summit of 2024 kicked off at the end of May, welcoming security professionals from APAC, EMEA, India, and the U.S. to discuss key developments and strategies across the cybersecurity industry. This quarter’s event focused on third-party risk management (TPRM), specifically how security teams can use automation to eliminate manual work and streamline critical TPRM workflows and processes.

Read Post

UpGuard

Read more about UpGuard Summit May 2024 Recap: Automated TPRM

Vulnerability Management Modernization & FedRAMP: Resilient Cyber Podcast

Jun 5, 2024 By Kevin Swartz In Nucleus

Ever wonder how Nucleus got started? Curious to know what our CEO and co-founder Steve Carter is working on? You’re in luck. Steve joined host Chris Hughes on the Cyber Resilience podcast to talk about those topics and more. Additionally, Steve and Chris explored the process for earning FedRAMP authorization, some of the particular vulnerability management challenges government agencies are dealing with, and why risk-based vulnerability management resonates with the government community.

Read Post

Nucleus

Read more about Vulnerability Management Modernization & FedRAMP: Resilient Cyber Podcast

Deepfakes: The Next Frontier in Digital Deception?

Jun 5, 2024 By John Scott In CultureAI

Machine learning (ML) and AI tools raise concerns over mis- and disinformation. These technologies can ‘hallucinate’ or create text and images that seem convincing but may be completely detached from reality. This may cause people to unknowingly share misinformation about events that never occurred, fundamentally altering the landscape of online trust. Worse – these systems can be weaponised by cyber criminals and other bad actors to share disinformation, using deepfakes to deceive.

Read Post

CultureAI

Read more about Deepfakes: The Next Frontier in Digital Deception?

Enterprise Risk Management Failures: Insights from the Cencora Breach

Jun 4, 2024 By Foresiet In Foresiet

In a significant cybersecurity incident, Cencora, a leading pharmaceutical services provider, experienced a data breach in February 2024, exposing sensitive patient information from 11 major pharmaceutical companies. This breach underscores the critical importance of robust enterprise risk management, vulnerability management, and endpoint security in protecting sensitive data and managing online reputation.

Read Post

Foresiet

Read more about Enterprise Risk Management Failures: Insights from the Cencora Breach

Race to KEV Remediation: Who Tops the Charts in Europe?

Jun 4, 2024 By Sabrina Pagnotta | Research by Ben Edwards In BitSight

In our global study of the CISA KEV Catalog, we uncovered widespread vulnerabilities and the swift pace at which threats evolve. As we dissect the layers of data from the report, it becomes evident that each country's unique approach to cybersecurity regulation, vulnerability management, and remediation presents distinct challenges and opportunities.

Read Post

BitSight

Read more about Race to KEV Remediation: Who Tops the Charts in Europe?

What is Cyber Security? What is its importance?

Jun 4, 2024 By Obrela In Obrela

Starting from basics, what is the Cybersecurity meaning, what does cyber security do, what is the importance of cybersecurity. There are thousands of definitions out there, but the most common one refers to the organisation’s ability to protect itself from online attacks.

Read Post