Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A Remote Access Trojan (RAT) is a type of malware that enables an attacker to gain remote access over an infected system. Once a machine is compromised by a Remote Access Trojan, your system is at high risk of covert surveillance, data exfiltration, and other methods of malicious remote compromise. This article defines what a Remote Access Trojan (RAT) is and how you can take action to protect your system with UpGuard BreachSight.

Over the past five years, digital supply chains have evolved significantly, spurred by post-pandemic corrections, technological advancements, and globalization. This evolution has made the average organization more efficient and better suited to handle the demands of their unique operation. However, these same supply chain advancements have also introduced a host of new cybersecurity concerns and dramatically expanded the attack surface of most organizations.

FIPS 140-2 is a federal information processing standard that manages security requirements for cryptographic modules. The National Institute of Standards and Technology (NIST) published the security standard in November 2001 to develop coordinated requirements for hardware computer components. NIST replaced FIPS 140-2 with FIPS 140-3 in March 2019. This iteration introduced new critical security parameters for software and firmware and updated the four critical security levels that FIPS 140-2 introduced.

Enterprise risk management (ERM) frameworks allow organizations to identify, assess, manage, and monitor risks across all levels of an organization. One of the most well-known approaches to ERM is the COSO ERM framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The framework offers guidelines and best practices for organizations seeking to achieve a balanced perspective on risk.

Your domain is the route that all users, including your current and prospective customers, take to access your organization on the internet. While your actual system is set up with server IP addresses likely in a cloud environment, your users won't use a string of numbers to access your website. Instead, they will use your domain name and Domain Name System (DNS) routing to get to your site.

The EU Network and Information Security (NIS) Directive was adopted by the European Commission in 2016 and focused on establishing comprehensive cybersecurity regulations across the European Union. The NIS Directive is a robust piece of legislation enforced by local laws within each member state, working alongside other EU-wide regulations like the GDPR. The NIS Directive applies to Digital Service Providers (DSPs) and Operators of Essential Services (OES).

ISO 31010 is a supplementary document to the risk management standard ISO 31000. It was developed to support the risk assessment process in ISO 31000, outlining different risk assessment techniques to broaden the scope of an organization’s risk evaluation methods. This post offers a comprehensive overview of ISO/IEC 31010, highlighting the standard’s potential to increase the effectiveness of risk management strategies. Learn how UpGuard streamlines Vendor Risk Management >

ISO/IEC 27002 offers guidance on implementing an Information Security Management System (ISMSP). This international standard is very effective at helping organizations protect themselves against various information security risks through a series of security control categories. However, with the standard addressing such diverse information security risks, cybersecurity teams often find implementation and maintaining alignment a significant challenge.

The International Standardization Organization (ISO) introduced the latest version of ISO 22301 in 2019. This framework includes strategies, standards, and requirements organizations can use to implement a business continuity management system (BCMS). To appeal to and assist the most comprehensive array of organizations, ISO 22301 includes generic regulatory requirements that organizations can implement to improve organizational resilience in various contexts.

Nearly every company in the modern era has a website. This site, sometimes called a web application, functions as the information center for the business. Keeping your website active is critical for ensuring that your customers and prospects can access the information they need. Maintaining a website also creates brand presence and strong search engine optimization (SEO), which helps businesses to build trust and credibility in their industry.