Cybersecurity white papers, data sheets, webinars, videos and more

March 21, 2024

Why metrics—and context—matter: How CISOs can measure and communicate cyber resilience

Cyberattacks in the digital supply chain are now some of the most common cyber incidents today, with many of the recent major breaches resulting from a single vulnerability. Because of the rapid pace and scale of these attacks,… Read More

Executive Viewpoint

Security Ratings

March 20, 2024

From Brackets to Breaches: Securing Your Network Against March Madness Scams

As March Madness sweeps across the nation, the excitement and frenzy associated with the NCAA Basketball Tournament also ushers in a season ripe for cyber threats. This annual college basketball tournament, beloved by millions, creates a unique environment that cybercriminals exploit to launch sophisticated social engineering… Read More

Supply Chain Cyber Risk

March 20, 2024

Harnessing the Power of Artificial Intelligence: A closer look at the European Union’s new landmark legislation

Artificial intelligence (AI) has become one of the most transformative forces of our time. From the mundane tasks of everyday life to the complexities of global industries, artificial intelligence continues to permeate every aspect of society, reshaping how we live, work, and interact. The growing importance of AI is not… Read More

Executive Viewpoint

Public Sector

March 19, 2024

Celebrating Cybersecurity Excellence: Forbes Most Cybersecure Banks, 2024

To recognize best-in-class consumer financial institutions and their Chief Information Security Officers (CISOs), Forbes just released its 2024 list of the top 50 consumer banks with the most robust cybersecurity. Together with Forbes, we are proud to recognize top CISOs and their dedication to safeguarding customer data. … Read More

Security Ratings

March 18, 2024

What are Security Ratings?

A security rating (also known as a cybersecurity rating) is a quantifiable measurement of an organization’s security posture, enabling insightful and data-driven decisions around the security performance of an organization and their third-party vendors. SecurityScorecard offers easy-to-understand A-F security ratings driven by ten groups of risk factors. As the economy moves… Read More

Tech Center

March 13, 2024

Third-party Cybersecurity Incident Response Readiness Plan

Software supply chain flaws help attackers scale Given recent massive one-to-many breaches like MOVEit, a company’s ability to respond effectively to supply chain vulnerabilities is critical. Software supply chain flaws help threat actors scale, and attackers will go directly through your vendors if they can’t access… Read More

Third-Party Risk Management

March 12, 2024

Infosys McCamish Systems Third-Party Breach: Possible Attack Vectors and Infrastructure

In response to the identification of Infosys McCamish Systems (IMS) as the point of origin for a third-party data breach claimed by the LockBit ransomware group, SecurityScorecard researchers reviewed findings on the security hygiene of IMS. Our investigation identified attack vectors that the perpetrators could have used in… Read More

Cyber Threat Intelligence

March 12, 2024

Forrester Includes SecurityScorecard in Cybersecurity Risk Ratings (CRR) Landscape Report

Recent high-profile data breaches attributed to SolarWinds, Log4j, MOVEit, and more have demonstrated that the world still lacks a standard framework to measure cyber risk. Cybercriminals continue to exploit the trusted relationships between companies and their third-party suppliers and vendors… Read More

Security Ratings

March 8, 2024

Choosing Your Code Repository: Navigating the Security Landscape of Bitbucket vs GitHub

Why Code Repository Security Is Under Scrutiny in 2025 Source code is one of the most valuable digital assets an enterprise owns. In 2025, the risks tied to exposed, leaked, or tampered code are higher than ever. From supply chain compromise to intellectual property (IP) theft, code… Read More

Tech Center

March 8, 2024

Defender for Endpoint: Transforming Endpoint Security with Advanced Threat Protection

In an era where cyber threats are becoming increasingly sophisticated and pervasive, securing endpoints is paramount. Microsoft Defender for Endpoint emerges as a key player in the cybersecurity arena, offering comprehensive protection against a wide array of threats. This blog post delves into how Defender for Endpoint… Read More

Tech Center

March 6, 2024

What is Sentinel? Harnessing the Power of Cloud-Native SIEM for Modern Cybersecurity Challenges

In the rapidly evolving landscape of cybersecurity, staying ahead of threats requires not just vigilance but advanced technology. Sentinel, Microsoft’s cloud-native Security Information and Event Management (SIEM) solution, represents a leap forward in the way organizations detect, investigate, and respond to cyber threats. This blog post… Read More

Tech Center

March 6, 2024

SMB Port Numbers: A Guide to Optimizing and Securing Your Network

In the digital age, where data is the new gold, ensuring the security and efficiency of network communication is paramount for businesses of all sizes. The Server Message Block (SMB) protocol plays a crucial role in facilitating file sharing, network browsing, and printer access among devices on a… Read More

Tech Center

March 6, 2024

New Malware Attributed to Russian Hacking Group APT28

Late last year, the Computer Emergency Response Team of Ukraine (CERT-UA) released an advisory that reported cyberattacks targeting Ukrainian state organizations attributed to the Kremlin-backed nation-state group APT28, aka Fancy Bear/Sofacy. The advisory listed the use of a new backdoor named “OCEANMAP,”… Read More

Cyber Threat Intelligence

March 4, 2024

What Are Proactive Ransomware Prevention Strategies for 2025?

Ransomware attacks remain one of the most destructive and costly cyber threats facing organizations today. These malicious software attacks encrypt files on a device, rendering them inaccessible to users, and demand a ransom for decryption keys. Many hacking groups exploit remote infrastructure, leverage… Read More

Attack Surface Management

Tech Center

March 1, 2024

SecurityScorecard 2024 Global Third-Party Cybersecurity Breach Report: Software supply chain is top target for ransomware groups

The SecurityScorecard Global Third-Party Breach Report uses the world’s largest proprietary risk and threat dataset to provide unique insights into the intricate web of supply chain vulnerabilities exploited by ransomware groups.   As the digital landscape continues to evolve, so too do the tactics of cyber… Read More

Cyber Threat Intelligence

Supply Chain Cyber Risk

February 23, 2024

Implementing Non-Repudiation in Your Security Strategy: Best Practices and Techniques

Trying to run a secure business? Then you know that defending against unauthorized access is only half the battle. The other half is ensuring that when a transaction or communication does happen, the responsible party can never successfully deny it. That essential layer of… Read More

Tech Center

February 23, 2024

Securing Port 139: Strategies to Prevent Unauthorized Access and Cyber Threats

In the realm of network security, safeguarding communication ports is a fundamental aspect of protecting a network’s integrity and confidentiality. Port 139, primarily used by the Server Message Block (SMB) protocol for file sharing in Windows networks, stands out as a critical point… Read More

Tech Center

February 23, 2024

The Essential Guide to SMB Port Configuration for Enhanced Network Security

The Server Message Block (SMB) protocol is a critical component of Windows networking, facilitating the sharing of files, printers, and serial ports among devices on the same network. While SMB plays a pivotal role in enhancing operational efficiency and collaboration within organizations, its associated ports, especially Port 445,… Read More

Tech Center

February 23, 2024

Port 445: Understanding Its Role in Cyber Attacks and Strategies for Defense

Understanding the nuances of network ports can be the key to safeguarding your digital assets against unauthorized access and cyber attacks. Among these, Port 445 stands out due to its significant role in network communication and its notorious association with various cyber threats. Read More

Tech Center

February 22, 2024

Top 10 Cybersecurity Questions to Ask Your Vendors: A step-by-step guide to reduce supply chain risk

A cybersecurity vendor questionnaire is vital in assessing the competency and reliability of potential partners. It serves as a comprehensive tool to evaluate various aspects crucial for safeguarding sensitive data and infrastructure. Through detailed inquiries about security protocols, compliance measures, incident response plans,… Read More

Supply Chain Cyber Risk

Tech Center