Resources
Cybersecurity white papers, data sheets, webinars, videos and more
Resource Library
April 9, 2025
Scorecarder Spotlight: Noor Al-Baker
Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners. Name: Noor Al-Baker. Role: Customer Success Manager. Tell us… Read More
Scorecarder Spotlight
March 25, 2025
SecurityScorecard’s Partnership with the TSA Helping to Secure the Nation’s Critical Infrastructure
As part of our continued commitment to making the world a safer place, SecurityScorecard recently partnered with the Transportation Security Administration (TSA). This partnership will enable the agency to more accurately monitor and assess the cyber health of the nation’s pipeline, rail, and aviation transportation systems. We will work closely… Read More
March 21, 2025
How Security Ratings Help Build Strong Business Relationships
Increasingly, companies are working with third-party vendors to streamline business operations. Whether it’s cloud migration to ease workload strains or using a Software-as-a-Service, adding new vendors to your network increases the number of people who interact with your data. It’s not just your vendors who gain access to your data:… Read More
March 21, 2025
5 Reasons to Integrate Continuous Monitoring into Your TPRM Program
In today’s business landscape, it is nearly impossible to work alone. You have to collaborate with clients, vendors, suppliers, specialists, and plenty of other partners, all considered third parties to your organization. As a result, these organizations have access to sensitive and confidential data about your company, your customers, or support a… Read More
March 21, 2025
Automating Vendor Risk Management and Assessments
Third- and fourth-party vendors have become paramount to many businesses’ operations, as they can help improve efficiency and expand the availability of services. However, these vendors often come with increased cybersecurity risks for your organization. According to Ponemon, the average cost of a data breach increases by… Read More
March 21, 2025
The Principles for Fair & Accurate Security Ratings: A Focus on Confidentiality
SecurityScorecard is actively engaged to ensure our security ratings align with the Principles for Fair & Accurate Security Ratings, published by the US Chamber of Commerce. As part of this effort, we strive to educate the cybersecurity community on how our products align with these important principles. This article is… Read More
March 21, 2025
3 Tangible Benefits of an A Rating
Security ratings are a standard in cybersecurity. Many organizations rely on them to manage their security programs and they create ROI for the organization. Despite the potential benefits, it can be challenging for organizations who are evaluating different security ratings options to determine the value they will get from them. When making… Read More
March 21, 2025
Third-Party Risk Management Regulations: What You Should Know
Without a doubt, partnering with third parties has many advantages, including boosting the functionalities and performance of an organization. But despite the benefits, third parties also introduce a host of risks to an organization, potentially disrupting operations, affecting financial standing, and harming reputation. An understanding of third-party risk management… Read More
March 21, 2025
Third-Party Risk Management Framework: How to Select the Right One
Third-party technology providers can confer huge strategic advantages to a business. They allow each organization to focus on its highest-value activities, but there’s a downside: new cyber security risks come with each partnership. Third-party risk is now an integral part of business ecosystems. A solid risk management framework is required… Read More
March 5, 2025
Scorecarder Spotlight: Luciano Bargmann
Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners. Name: Luciano Bargmann. Role: Engineering Manager. Tell us a… Read More
Scorecarder Spotlight
March 4, 2025
Odyssey.conf 2025: Charting the Course for Cyber Resilience
Last week, SecurityScorecard hosted our second annual Odyssey.conf in Miami, Florida. This year’s conference focused on cyber resilience, providing attendees with actionable insights and cutting-edge strategies to navigate the ever-evolving threat landscape. Industry leaders, cybersecurity practitioners, and innovative solution providers gathered at Odyssey.conf to tackle the… Read More
Threat-Informed TPRM
March 4, 2025
From Reactive to Resilient: A New Mindset for Supply Chain Cybersecurity
Supply chain security is no longer just an IT issue; it’s a critical business concern. As recent high-profile breaches like the MOVEit vulnerability have shown, a single vulnerability in a vendor’s system can have a cascading effect, disrupting operations and damaging reputations across the entire supply chain. This… Read More
Threat-Informed TPRM
February 13, 2025
Lazarus Group Targets Developers Through NPM Packages and Supply Chain Attacks
North Korea’s Lazarus Group is evolving its tactics again. The latest campaign, dubbed Operation Marstech Mayhem, introduces an advanced implant named “Marstech1.” This malware is designed to compromise software developers and cryptocurrency wallets through manipulated open-source repositories. Unlike previous Lazarus operations, this campaign employs obfuscation techniques that make… Read More
STRIKE Team
February 10, 2025
A Deep Peek at DeepSeek
DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the… Read More
STRIKE Team
February 4, 2025
Beyond the Perimeter: Why CISOs Need Supply Chain Detection and Response
Organizations rely heavily on external vendors and suppliers, creating complex supply chains vital for operations. However, this introduces a new dimension of risk: supply chain attacks. The Growing Threat of Supply Chain Attacks: Cyberattacks often target the weakest link in the chain. Attackers exploit… Read More
Supply Chain Cyber Risk
Threat-Informed TPRM
January 29, 2025
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in… Read More
STRIKE Team
January 16, 2025
What is the Threat Landscape?
The threat landscape refers to the evolving environment of cyber threats, attack methods, and attack vectors targeting organizations, governments, and individuals. Shaped by threat actors like hackers, nation-states, and criminal groups, it has grown increasingly complex with the rise of cloud computing, IoT devices, and interconnected supply chains. … Read More
January 15, 2025
Assembling the Dream Team: Building a High-Performing Supply Chain Incident Response Team
Organizations are increasingly reliant on third-party vendors. While this enables agility and innovation, it also introduces significant security risks. Cyberattacks originating from the supply chain are on the rise, underscoring the critical need for robust security measures. This article explores the key elements of… Read More
Threat-Informed TPRM
January 15, 2025
Operation 99: North Korea’s Cyber Assault on Software Developers
On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit. This campaign targets software developers looking for freelance Web3 and cryptocurrency work. If you thought fake job offers from the group’s Operation Dream Job campaign were bad,… Read More
STRIKE Team
January 10, 2025
Securing Patient Data: A Guide to Managed Services for Supply Chain Detection and Response in Healthcare
Patient data is among the most sensitive and valuable information in the healthcare industry. A single breach can have devastating consequences, including: Severe Fines: HIPAA violations can result in hefty fines, reputational damage, and potential legal action. Loss of Patient Trust: Breaches erode patient… Read More
Threat-Informed TPRM
January 10, 2025
Securing Your Financial Ecosystem: A Guide to TPRM Managed Services
A single breach can have devastating consequences in the highly regulated financial services industry. From reputational damage and customer loss to severe financial penalties, safeguarding your entire ecosystem is paramount. This blog explores the critical role of Managed Services for Third-Party Risk Management (TPRM) powered by SecurityScorecard’s TITAN… Read More
Threat-Informed TPRM