S3 Security Is Flawed By Design

Amazon S3, one of the leading cloud storage solutions, is used by companies all over the world to power their IT operations. Over four years, UpGuard has detected thousands of S3-related data breaches caused by the incorrect configuration ...

Vendor Risk: The Impact Of Data Breaches By Your Third-Party Vendors

UpGuard’s researchers regularly uncover and report on corporate data breaches. We often find that the breach is not directly caused by the company, but by one of their third-party vendors. This series of posts is about a less-understood ...

Third-Party Credentials and Vendor Risk: Safeguard Your Applications

Your primary systems aren’t the only source of damaging exposed credentials. Third-party applications employed by your organization also have privileged logins that must be protected. Cloud platforms, software as a service (SaaS), and ...

Our New Cyber Risk Score: Cyber Security Rating (CSR)

As of today, November 1, 2018, we are changing the name of our proprietary cyber risk scoring system, formerly known as the Cyber Security Threat Assessment Report (CSTAR), to the UpGuard Cyber Security Rating (CSR). Over the coming weeks, ...

Don’t Use Production Data In Your Test Environment: The Impact Of Leaked Test Credentials

To deliver technology products and services, companies use multiple technology environments so that changes, updates, and testing can be completed in a controlled way without interrupting customer experience. This is a best practice ...

The Pitfalls Of Leaked Administrative Passwords

The most well-known type of system credential is the administrative, or root password. These types of accounts are “administrators,” meaning they usually have total access to whatever system they are for. Administrator accounts are used by ...

What is Fourth Party Risk?

Every company outsources parts of its operations to multiple suppliers. Those suppliers, in turn, outsource their operations to other suppliers. This is fourth party risk. The risk to your company posed by suppliers' suppliers. Confusing, ...

Inside the Security Ratings for the Riskiest Government Contractors

The government of the Unites States of America is perhaps the largest target on Earth for cyber attacks. The US has plenty of enemies, a track record of perpetrating cyber warfare and espionage (even upon its allies), numerous recent ...

How Trade Secrets Can Be Abused By An Attacker After A Data Breach

Data Exposure Types: System Information

There are many different kinds of sensitive data that can be exposed, each with its own particular exploits and consequences. This article will focus on what we have categorized as “systems information,” data that describes digital ...

The Dangers of Publicly Writable Storage

During the course of UpGuard’s cyber risk research, we uncover many assets that are publicly readable: cloud storage, file synchronization services, code repositories, and more. Most data exposures occur because of publicly readable ...

DevOps and Integrity at FinDEVr San Francisco

Technology conference season is in full swing, with so many events going on that even large ones like PuppetConf and Amazon Re:Invent have been forced to overlap. While part of the UpGuard team traveled to Las Vegas, two of us stayed in ...

Why Do Cloud Leaks Matter?

Introduction Previously we introduced the concept of cloud leaks, and then examined how they happen. Now we’ll take a look at why they matter. To understand the consequences of cloud leaks for the organizations involved, we should first ...

Can Fast Food be Bad For Cybersecurity?

No, we aren't talking about your burger-inhaling operator passing out on the job, leaving your precious IT assets unattended. You've probably guessed that we're referring to the latest Wendy's data breach announcement: on June 9th, ...

Systema Systems' Data Exposure and Cloud Security For The Insurance Industry

The insurance industry has been consistently targeted for cyber attacks as of late, for good reason: sensitive data is at the heart of every process—from handling health insurance claims to archiving medical histories. And because medical ...

UpGuard Tasks: a Lightweight Tracking System for Ops

It's not pleasant to think about, but the fact is that when we go to work we are expected to do things. But what are the things that need doing? If we can answer that question without hours of meetings or dozens of emails we can finish our ...

BitSight Alternative for Managing Cyber Risk

If you’re involved in IT risk or security, you’ve probably encountered BitSight. It is one of a wave of promised solutions to a growing problem: how to manage the risks posed by your IT vendors in the cloud.

Cyber Risk Product Update: May 2018

It's been a busy month for the CyberRisk product team! We're proud of this release, and can't wait to share the details with you. All these new features are immediately available to CyberRisk customers.

BreachSight: an Engine for Securing Data Leaks

When we began building a Cyber Risk Research team at UpGuard, we knew there were unavoidable risks. We would be finding and publishing reports on sensitive, exposed data in order to stanch the flow of such private information onto the ...

Vendor Risk: The Hidden Challenge of GDPR Compliance

The European Union’s GDPR regulations go into effect in May of this year. In essence, GDPR is a strict data privacy code that holds companies responsible for securing the data they store and process. Although GDPR was approved in April ...