Organizations often regard cybersecurity as a series of barricades protecting the inner workings of the data center from attacks. These barricades can be hardware or software and take actions such as blocking ports, watching traffic patterns for possible intrusions, encrypting communications and so forth. In practice, these measures are only part of a comprehensive cybersecurity strategy, and by themselves will do little to bolster the overall resilience of an organization. But thoroughly tested and streamlined procedures within IT operations can prevent the most common attack point on the internet: misconfigurations.
Our new digital reputation scan provides a fast and easy way to get a risk assessment for your (or any) business. We look at the same stuff that other external risk assessment tools do: SSL configurations, breach history, SPF records and other domain authenticity markers, blacklists and malware activity. We're happy to offer this service for free, because that information is public and we believe that it's what's inside that really matters. Most of the elements we include in our external assessment are not controversial, but one resulted in arguments lasting several days: the CEO approval rating.
In selecting which checks would go into our risk assessment, we here at UpGuard looked at similar site assessment tools and selected only the checks that we thought were relevant to our goal: risk assessment, which overlaps with, but isn't identical to, website best practices. Plus, there are already fine tools for performing those best practices functions, so why duplicate them? We also intentionally omitted checks we thought would not be significant for calculating the risk of data breach and the damage it would cause.
If you regularly use a computer, chances are you spend at least part of your time reading internet news. If you have a subscription, you might even log in and enter your payment info. But how secure are news sites? Here at UpGuard, we took a look at six of the top news media sites on the internet to see how their security stacked up. Many big names had low scores, while a few did very well. What does this mean for the average online news reader?
Years ago, our company set out with a mission to solve a problem of trust between software developers and admins. We knew the problem existed firsthand—at our old jobs in a large Australian bank, one of us had been developing software and the other managing operations. We had a disagreement about how to proceed with a deployment. Dev insisted everything was ready but Ops pushed back, saying there was not enough information to trust the changes about to take place. We each saw merit in the other's argument and knew this had to be happening everywhere, so we left our 9-to-5's to build a solution.
We’ve had the privilege to participate in many successful deployments here at UpGuard. Yet, despite our rapid delivery and metrics like time-to-value surpassing expectations, we found that some of our customers were having some trouble using our platform to move along the path of digital transformation. Sometimes a single feature is enough to convince an organization to invest in a piece of software, but our tack is more holistic. Our view of resilience, and the way in which we manage cyber risk for the enterprise, helps companies in any stage of their digital transformation build the necessary trust to push their business down this often-new and unexplored road.
Whether you’re deploying hundreds of Windows servers into the cloud through code, or hand-building physical servers for a small business, having a proper method to ensure a secure, reliable environment is crucial to success. Everyone knows that an out-of-the-box Windows server may not have all the necessary security measures in place to go right into production, although Microsoft has been improving the default configuration in every server version. UpGuard presents this ten-step checklist to ensure that your Windows servers have been sufficiently hardened against most attacks.
Online business has made traveling for events like the Olympics easier and faster by putting everything from airlines to hotel rooms at the fingertips of anyone with a smartphone and an internet connection. But transferring your personal and financial data across the internet is only as secure as the companies on the other end make it, and from site to site there can be a vast difference in risk. The differences don't necessarily come where you'd expect either, with many popular organizations having middling to low security practices. How can you know who to trust?
For believers of the old adage "love of money is the root of all evil," it comes as no surprise that most data breaches are carried out for financial gain. Verizon's 2016 Data Breach Investigations Report (DBIR) reveals that 75 percent of cyber attacks appear to have been financially motivated; suffice it to say, it's not surprising that ATMs are constantly in the crosshairs of cyber attackers.
Facebook's Mark Zuckerberg, Google's Sundar Pichai, Twitter's Jack Dorsey: what do these three high-flying CEOs have in common? Their social media accounts were all hijacked recently due to bad password habits. To be fair, these breaches occurred indirectly as a result of triggering events—for example, the massive LinkedIn data breach led to Zuckerberg's Twitter account getting hijacked—but one thing is for certain: the executive leadership of the world's leading tech companies is as prone to password management mishaps as the rest of us. And—as the latest LastPass vulnerability serves to illustrate—password management solutions may no longer be a safe alternative to memorizing passwords.
In 2015, organizations spent over $75 billion on cybersecurity. That’s a lot of money. But 2015 also saw a rise in successful cyber attacks, costing companies hundreds of billions of dollars in damages, loss and other related expenditures. Did all of the security software and hardware purchased with that $75B fail to do its job? Today's landscape requires more than just a collection of isolated products handling specific tasks—it needs an integrated ecosystem dedicated to overall resilience.