%term

Why Your Organization's Security Awareness Training Isn't Working

Jun 18, 2025 By Leah Sadoian In UpGuard

Your IT department just sent out its annual reminder to complete security awareness training. Employees dutifully clicked through their training modules, passed a short quiz, and checked off the compliance box for another year. Ask yourself, does this process really give you confidence that your organization is prepared to dispel today’s security threats? Well, the odds aren’t in your favor.

Read Post

UpGuard

Read more about Why Your Organization's Security Awareness Training Isn't Working

SBOM Is Not the Savior - Addressing the Deeper Problems in Supply Chain Security

Jun 18, 2025 By Scott Kuffer In Nucleus

I hear a lot these days about SBOMs and how they are going to be the key to supply chain security accountability, to even include a Presidential Executive Order mandating SBOMs in the procurement process for federal agencies. There are multiple areas of research going on in this area, such as this Academic SBOM Repository. But before we get too far down the road, let’s get one thing straight: SBOM isn’t going to save us. It’s a transparency tool, not a solution.

Read Post

Nucleus

Read more about SBOM Is Not the Savior - Addressing the Deeper Problems in Supply Chain Security

Who Buys Insider Risk Management? A Business Case Across Roles

Jun 18, 2025 By Veriato Team In Veriato

A staggering 74% of cybersecurity incidents originate from within, and when looking at insider risk, 82% of incidents result from unintentional actions by well-meaning employees. More people are working from home, bringing their own devices, and connecting globally, which is widening the threat landscape. Attackers are more advanced, as they utilize AI and other technology to make their phishing and hacking attempts more sophisticated.

Read Post

Veriato

Read more about Who Buys Insider Risk Management? A Business Case Across Roles

3 Important Ways Attack Surface Management Must Evolve

Jun 17, 2025 By Gabi Reish In BitSight

For the second time in a row, Bitsight has been named an Overall Leader in the KuppingerCole Leadership Compass for Attack Surface Management (ASM)—and it’s not just a title. The report offers a deep dive into how organizations are using ASM to get ahead of cyber threats by proactively managing their digital risk.

Read Post

BitSight

Read more about 3 Important Ways Attack Surface Management Must Evolve

Asana Discloses Data Exposure Bug in MCP Server

Jun 16, 2025 By Greg Pollock In UpGuard

On June 4, Asana identified a bug in its Model Context Protocol (MCP) server and took the server offline to investigate. While the incident was not the result of an external attack, the bug could have exposed data belonging to Asana MCP users to users in other accounts.

Read Post

UpGuard

Read more about Asana Discloses Data Exposure Bug in MCP Server

What Is Cyber Risk

Jun 16, 2025 By Daniel Ghillione In LevelBlue

Did you know that it is estimated that 45% of organizations worldwide will have suffered attacks on their software supply chains this year? Cyber risk is real, and its consequences can be devastating. As digital transformation continues to reshape how businesses operate globally, cyber threats are increasing at a rapid and alarming pace. The term cyber risk refers to the damage posed by these cyber threats.

Read Post

LevelBlue

Read more about What Is Cyber Risk

Checkups and Checklists: Cyber Risk Isn't Just a Technical Problem

Jun 13, 2025 By James McQuiggan In KnowBe4

There are many things in our lives we must prepare for to be ready. For other things, we wing it, or we're not prepared to deal with it at the moment. For me, I've reached that point in my life where I needed to have a medical procedure done, and it was something I've put off for several years. It may not be very comfortable to admit, but last week, I had a colonoscopy. That's not exactly how you'd expect a cybersecurity blog to start, but hear me out on this one!

Read Post

KnowBe4

Read more about Checkups and Checklists: Cyber Risk Isn't Just a Technical Problem

Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them

Jun 13, 2025 By Mend.io Communications In Mend

Shadow AI refers to the unauthorized or unmanaged use of AI tools, models, frameworks, APIs or platforms within an organization, operating outside established governance frameworks. While employees may adopt these AI tools with good intentions, seeking to enhance productivity or solve problems more efficiently, the lack of oversight creates significant security, compliance, and operational risks.

Read Post

Mend

Read more about Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them

Veracode: Application Risk Management for today's AI-driven world

Jun 13, 2025 By VERACODE In Veracode

Discover Veracode, the comprehensive application risk management platform designed for today's AI-driven world. This video provides an overview of how Veracode empowers organizations to build and deploy secure software by offering unified visibility, AI-driven prioritization, and integrated tools for detecting and remediating vulnerabilities. Learn about Veracode's key capabilities, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and risk management.

View Video

Veracode

Read more about Veracode: Application Risk Management for today's AI-driven world

TPCRM Framework: Building Digital Trust for Modern Enterprises

Jun 13, 2025 By Edward Kost In UpGuard

Third-party cyber risk management (TPCRM) has emerged as a critical discipline, moving beyond traditional approaches to address the unique and evolving cyber threats posed by vendor relationships. This post explains the core tenets of TPCRM, outlines key requirements for ideal tools, and suggests implementation strategies for this new, important branch of cybersecurity.

Read Post