Whether browsing the internet on a mobile device, or maintaining dozens of servers, we place trust in the security and integrity of the systems to which we are entrusting our most valuable data. With every decision we make to trust in such systems, we expose ourself a bit more to the risk that a breach might compromise this information. With every permission granted, every personal detail entered, you open yourself up a bit more to such a possibility. This is cyber risk: a fact of life in the world of today, endemic to any activity relying on internet-facing technology.
Yet the truth is that even as technology continues to improve and quicken, cyber risk is invisible to most enterprises taking on your privileged information. Unfortunately, in recent years, the only events that have meaningfully alerted the corporate and administrative worlds to the importance of cyber risk have been massive breaches of the sort suffered by retail giant Target or dying web portal Yahoo. A devastating, criminal compromising of sensitive data should not be the cost of doing business. Institutions should treat your personal information with the respect it demands; if they do not, they too will suffer the consequences.
In keeping with UpGuard’s utility as a cyber resilience platform giving full visibility into, and control over, IT systems, we know just how serious this problem can be. We’ve seen the problem firsthand. We have seen how cyber risk can afflict businesses and government agencies, exposing vulnerable people to harms that can last for decades. As the first cyber resilience platform, we want to help raise awareness of this critical issue in ways that are immediately relevant to the people affected by them.
But perhaps we can do more. Perhaps the best way to serve this public interest is by finding the breaches themselves. This website, and the work published here, seeks to aid that mission, as we find breaches where they live, helping to secure them and informing the public of how the most prominent institutions have succeeded or misstepped in achieving cyber resilience.
The most immediate and potentially consequential impact we can have is in finding exposed data before those with malicious intent do, alerting stakeholders to secure the information, and raising awareness of cyber risk as a critical issue with a broader audience. The exposures are out there, and unfortunately plentiful. By finding these breaches, the Cyber Risk Team at UpGuard can demonstrate the supreme importance of securing the future of technology—one breach discovery at a time.
Misconfigurations are an internal problem that emanate from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.