SecurityScorecard Blog








Reverse-Engineering Java and JavaScript Malware
SecurityScorecard recently reverse-engineered the Vjw0rm worm written in JavaScript and the Java-based STRRAT Remote Access Trojan (RAT). This will help security teams protect against these specific threats and provide a general approach for analyzing JavaScript and Java malware. Security researchers can use these methods to investigate the same or similar forms of malware.







Cyber Risk and Innovation in the Healthcare Sector
Last week, we had the privilege of attending a Global Town Hall hosted by the Cyber Future Foundation (CFF), focused on cybersecurity in the healthcare sector. This was a valuable opportunity to discuss notable insights based on our data, as well as several of the critical trends we’re seeing in this field.
Cyberattacks on healthcare organizations are on the rise, and threat actors know that more connections in a network mean more opportunities for compromise. Organizations in the healthcare sector need a way to understand their security posture, and how it is impacted by the cyber health of the partners that connect to their systems.






Minimizing public sector cybersecurity risk
The public sector is critical to national and international security, yet new research from SecurityScorecard and the Cyentia Institute found that 61.6% of public sector agencies have open cyber vulnerabilities, taking a median of 309 days to remediate.
So, what can organizations do to minimize risk stemming from their business ecosystems? The aforementioned report analyzed SecurityScorecard’s data from over 230,000 organizations to provide insights on this important topic.






CISO Health and Wellness: An Unconventional Solution to a Systemic Challenge
Many CISOs are experiencing burnout, and we should talk about it more than we do. We also need to do something about it.
We need structural support for CISO health and wellness. Admitting that we have a problem is one of the first real steps towards solving the problem. Talking about CISO burnout and health issues is necessary to build better and more sustainable plans to be resilient and thereby continue to earn the trust and respect we deserve.






Translate Cyber Risk into Dollars With SecurityScorecard
SecurityScorecard launched its Cyber Risk Quantification product in April 2022, allowing customers to quantify the financial impact of cyber risk and help facilitate collaboration and communication among business stakeholders. When everyone is aware of their cyber risk and transparent about the investments being made to reduce it, an organization will experience better cybersecurity outcomes.






SecurityScorecard’s Partnership with the TSA
As part of our continued commitment to making the world a safer place, SecurityScorecard recently partnered with the Transportation Security Administration (TSA). This partnership will enable the agency to more accurately monitor and assess the cyber health of the nation’s pipeline, rail, and aviation transportation systems.






Don’t Manage Third-Party Risk Alone
New research from the Cyentia Institute found that 98% of organizations do business with a third party that has suffered a breach. The report also found that the average firm has 11 third-party relationships and hundreds of indirect fourth- and nth-party relationships. Bottom line: an expanding attack surface makes companies more prone to cyberattacks.






How to Get the Most Value from Vendor Risk Questionnaires
One of the most common ways to understand third-party risk is through vendor risk assessment questionnaires, which provide a standardized method for evaluating a vendor’s security practices and controls.
However, these questionnaires can sometimes yield results that conflict with security data, leaving organizations unsure how to proceed. In this article, we will explore the value of vendor risk assessment questionnaires and provide guidance on what to do when responses disagree with security data.






AI, Cybersecurity, and Emerging Regulations
The SecurityScorecard team has just returned from an exciting week in San Francisco at RSA Conference 2023. This year’s theme, “Stronger Together,” was meant to encourage collaboration and remind attendees that when it comes to cybersecurity, no one goes it alone.






A Closer Look at SecurityScorecard Marketplace
On average, organizations deploy 47 different cybersecurity solutions and technologies. This puts security, IT, and VRM teams in a difficult position, working with various tools that don’t integrate. One-third of organizations identify “non-integration of security tools” as a major roadblock to getting the total value of their investments.
With over 90 integrations, SecurityScorecard Marketplace offers more integrations than any other ratings provider, allowing customers to seamlessly leverage SecurityScorecard data in their existing systems and workflows.


