Cybersecurity white papers, data sheets, webinars, videos and more

June 10, 2024

Harmonizing Government, Policy, and Technology: Thoughts from Jeff Le, SecurityScorecard’s new VP of Global Government Affairs & Public Policy

For the past twenty years, I have had the pleasure of working at the intersection of public service, technology, and global security. As Deputy Cabinet Secretary to former California Governor Jerry Brown, I responded directly to the technology challenges that the state government faced to protect constituent data,… Read More

Executive Viewpoint

May 23, 2024

The Need for Speed: “Material” Confusion under the SEC’s Cyber Rules

This week, the SEC issued a statement addressing some of the rampant confusion and inconsistencies observed under the agency’s new cyber breach disclosure rule.  The statement itself addresses a technical securities law requirement, that… Read More

Public Sector

May 21, 2024

EPA Alert Warns Nation’s Drinking Water at Risk: SecurityScorecard’s recommendations for securing critical infrastructure

“Protecting our nation’s drinking water is a cornerstone of EPA’s mission, and we are committed to using every tool, including our enforcement authorities, to ensure that our nation’s drinking water is protected from cyberattacks.” -EPA Deputy Administrator Janet McCabe   This week, the U.S. Read More

May 20, 2024

SecurityScorecard Named a Leader in the Forrester Wave for Cybersecurity Risk Ratings

May 21, 2024 Dr. Aleksandr Yampolskiy and Sam Kassoumeh Today, we’re proud to announce that Forrester has named SecurityScorecard a Leader in The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024. Forrester identified the 10 most significant vendors in cybersecurity risk ratings… Read More

May 17, 2024

Compliance, collaboration, and communication: The benefits of NIST CSF 2.0

As regulatory mandates and frameworks continue to emerge, cybersecurity leaders must continue to adapt to more than just the latest threat actor tactics, techniques, and procedures. As part of our ongoing webinar series centered on compliance, SecurityScorecard’s Senior Product Marketing Manager, Devaney Devoe, moderated a discussion… Read More

Public Sector

May 16, 2024

National Vulnerability Database (NVD) leaves thousands of vulnerabilities without analysis data

The Common Vulnerabilities and Exposures (CVE) List and National Vulnerability Database (NVD) can no longer be considered a single central source of vulnerability truth.   The cybersecurity world is no doubt aware that the National Vulnerability Database (NVD) has been experiencing… Read More

May 15, 2024

What is Security Information and Event Management (SIEM)?

With cyber threats constantly evolving, organizations need robust mechanisms to protect their data and IT infrastructure. Security Information and Event Management (SIEM) has emerged as a critical component of modern cybersecurity strategies, serving as the central nervous system for enterprise security operations.  This… Read More

Tech Center

May 14, 2024

Cybersecurity leadership in an era of public-private partnerships

SecurityScorecard recently hosted a webinar with our Co-founder and CEO, Dr. Aleksandr Yampolskiy, and Sue Gordon, the former Deputy Director of National Intelligence and SecurityScorecard board member. Gordon drew on her experience as a key advisor to the President and National Security Council… Read More

Public Sector

May 13, 2024

RSA 2024: The Art of Possible

Our cybersecurity community. Stronger together.    “The best part of RSA is all the amazing people in the community trying to make the world a safer place. It’s also very exciting to see all the innovation to make adversaries’ lives harder – competition and collaboration… Read More

May 13, 2024

SecurityScorecard and Intel: Digging Past the Surface for Enhanced Protection

State of Affairs Threat actors have responded to better protections in the operating system and improved endpoint detection and response (EDR) capabilities by moving down the stack to find entry points with full visibility and privileges into the stack above. Security leaders implementing a defense-in-depth approach… Read More

May 10, 2024

Using Metrics that Matter to Protect Critical Infrastructure

Critical infrastructure services in North America face accelerating threats from both nation-states and other sophisticated threat actors. Governments globally are grappling with how to best balance incentives, support, and direct oversight. Meanwhile, critical infrastructure owners and operators face significant challenges with technology, staff resources, and expertise to… Read More

Public Sector

Security Ratings

May 2, 2024

Examining the Concentration of Cyber Risk: How supply chains and global economies can adapt

Company mergers, the consolidation of cloud technologies, and the interconnected nature of digital business have all led to a more efficient, fast-paced digital economy. But these advantages have also ushered in a higher degree of cyber risk concentration that stands to threaten national security and global economies. It’s… Read More

Third-Party Risk Management

April 26, 2024

Insights from the Experts: Legal, Compliance, and Security Perspectives on SEC Regulations

In July 2023, the U.S. Securities and Exchange Commission (SEC) announced new cybersecurity rules that require publicly traded companies in the U.S. to disclose material cybersecurity incidents within four business days of determining whether the incident is material to the company’s financial performance. SecurityScorecard recently… Read More

Public Sector

April 18, 2024

Streamlining Your Vulnerability Management Process

With cyber threats lurking around every corner, effective vulnerability management has become crucial for businesses of all sizes. As technology advances, so do the methods and sophistication of cyber attackers. Therefore, it’s imperative for organizations to… Read More

Attack Surface Management

April 18, 2024

Optimizing Rsync Port Configurations for Enhanced Performance and Security

  Data synchronization and transfer have become indispensable tasks for modern businesses and individuals alike. Whether you’re backing up critical files, mirroring data between servers, or deploying updates across a network, efficient and secure file synchronization is key for robust cybersecurity.    Rsync, a powerful and… Read More

Tech Center

April 11, 2024

Cyberattack at Sisense Puts Critical Infrastructure on Alert

SecurityScorecard’s Threat Research STRIKE Team is investigating breaking news of a large-scale cyberattack on Sisense, a major business analytics software company used by both the private and public sectors.    The cybersecurity community woke up on Thursday to news of a cyberattack on Sisense… Read More

Public Sector

April 10, 2024

Change Healthcare Ransomware Attack Spotlights Single Point of Failure with Third-Party Vendor

A core claims-processing unit of UnitedHealth Group was hit with a ransomware attack that cost some hospitals millions of dollars a day    The ongoing cyberattack on Change Healthcare, a major player in medical claims processing in the United States, had profound repercussions across the healthcare sector. With… Read More

Healthcare

Third-Party Risk Management

April 9, 2024

How SecurityScorecard STRIKE Identifies Zero Days in the Wild

The zero-day vulnerability that emerged in Progress Software’s MOVEit Transfer product last year was a stark reminder of the real-world impact of such vulnerabilities. It wreaked havoc on businesses and governments worldwide, with cyber criminals exploiting it since May of 2023. Read More

Cyber Threat Intelligence

April 8, 2024

SecurityScorecard Unveils the Industry’s Most Predictive Cybersecurity Risk Ratings with Refined Scoring Algorithm

Now more than ever, the specter of cyber threats looms large over organizations of all sizes and sectors. The consequences of a data breach stemming from just one vulnerability can be catastrophic, ranging from financial losses to irreparable reputational damage. As businesses strive… Read More

Security Ratings

April 4, 2024

Examining NIST CSF 2.0: Everything you need to know

In 2014, the National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (CSF) following a presidential executive order to help organizations better understand, reduce, and communicate cybersecurity risk. In the decade since its introduction, NIST CSF has become one of the… Read More

Executive Viewpoint

April 3, 2024

The Cybersecurity of the S&P 500: An in-depth analysis from SecurityScorecard

In fall 2023, the U.S. Securities and Exchange Commission (SEC) adopted landmark cybersecurity regulations, requiring public companies to disclose “material” cybersecurity incidents within four days. Prior to this, there were very few breach reporting requirements, leaving business leaders,… Read More

Security Ratings

Supply Chain Cyber Risk