Resources
Cybersecurity white papers, data sheets, webinars, videos and more
Resource Library
May 8, 2025
Guide to Developing a Business Continuity Plan
In today’s threat-heavy digital environment, having a Business Continuity Plan (BCP) isn’t just smart, it’s essential. Whether it’s a cyberattack, data breach, ransomware, or natural disaster, organizations need a strategy to mitigate risks, reduce downtime, and ensure continued operations. This guide walks you through how to develop a… Read More
May 8, 2025
Safeguarding Against Subdomain Takeover
Subdomain takeovers are a growing threat in today’s cloud-first ecosystem. As organizations rely on third-party services, continuously launch digital assets, and manage sprawling DNS configurations, they often leave behind vulnerable subdomains ripe for exploitation. In this article, we explore subdomain takeovers, why they pose such a… Read More
May 8, 2025
What Is a Supply Chain Attack?
A supply chain attack does not start with your firewall. It starts with someone else’s. Instead of targeting your company directly, a cyber attacker looks for weak spots in your organization’s supply chain. That could be a trusted third-party vendor, a widely… Read More
Supply Chain Cyber Risk
Threat-Informed TPRM
May 5, 2025
Scorecarder Spotlight: Chandra Sekhar Betha
Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners. Name: Chandra Sekhar Betha. Role: Senior InfoSec Analyst,… Read More
Scorecarder Spotlight
April 17, 2025
How Much Do Healthcare Data Breaches Really Cost?
Explore how top healthcare data breaches exposed sensitive PII, disrupted patient care, and challenged HIPAA compliance across digital ecosystems. When a data breach occurs in the healthcare industry, the fallout isn’t just reputational—it can interrupt patient care, expose sensitive Personally Identifiable Information (PII), and violate… Read More
Cyber Threat Intelligence
Enterprise Cyber Risk
Third-Party Risk Management
April 11, 2025
CISOs: The Perfect SCORE With Your Board
You’ve done the work—mapped the risks, built the roadmap, secured the right tools. But when it’s time to face the board, the conversation stalls. Not because you’re wrong. Because you’re speaking a different language. Boards don’t operate in threat models and tech stacks. They operate in risk, revenue, and accountability. Read More
Executive Viewpoint
April 9, 2025
Scorecarder Spotlight: Noor Al-Baker
Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners. Name: Noor Al-Baker. Role: Customer Success Manager. Tell us… Read More
Scorecarder Spotlight
March 25, 2025
SecurityScorecard’s Partnership with the TSA Helping to Secure the Nation’s Critical Infrastructure
As part of our continued commitment to making the world a safer place, SecurityScorecard recently partnered with the Transportation Security Administration (TSA). This partnership will enable the agency to more accurately monitor and assess the cyber health of the nation’s pipeline, rail, and aviation transportation systems. We will work closely… Read More
March 21, 2025
How Security Ratings Help Build Strong Business Relationships
Increasingly, companies are working with third-party vendors to streamline business operations. Whether it’s cloud migration to ease workload strains or using a Software-as-a-Service, adding new vendors to your network increases the number of people who interact with your data. It’s not just your vendors who gain access to your data:… Read More
March 21, 2025
5 Reasons to Integrate Continuous Monitoring into Your TPRM Program
In today’s business landscape, it is nearly impossible to work alone. You have to collaborate with clients, vendors, suppliers, specialists, and plenty of other partners all considered third parties to your organization. As a result, these organizations have access to sensitive and confidential data about your company, your customers, or support a… Read More
March 21, 2025
Automating Vendor Risk Management and Assessments
Third and fourth-party vendors have become paramount to many businesses’ operations, as they can help improve efficiency and expand the availability of services. However, these vendors often come with increased cybersecurity risks for your organization. According to Ponemon, the average cost of a data breach increases by… Read More
March 21, 2025
The Principles for Fair & Accurate Security Ratings: A Focus on Confidentiality
SecurityScorecard is actively engaged to ensure our security ratings align with the Principles for Fair & Accurate Security Ratings, published by the US Chamber of Commerce. As part of this effort, we strive to educate the cybersecurity community on how our products align with these important principles. This article is… Read More
March 21, 2025
3 Tangible Benefits of an A Rating
Security ratings are a standard in cybersecurity. Many organizations rely on them to manage their security programs and they create ROI for the organization. Despite the potential benefits, it can be challenging for organizations who are evaluating different security ratings options to determine the value they will get from them. When making… Read More
March 21, 2025
Third-Party Risk Management Regulations: What You Should Know
Without a doubt, partnering with third parties has many advantages, including boosting the functionalities and performance of an organization. But despite the benefits, third parties also introduce a host of risks to an organization, potentially disrupting operations, affecting financial standing, and harming reputation. An understanding of third-party risk management… Read More
March 21, 2025
Third-Party Risk Management Framework: How to Select the Right One
Third-party technology providers can confer huge strategic advantages to a business. They allow each organization to focus on its highest value activities, but there’s a downside: new cyber security risks come with each partnership. Third-party risk is now an integral part of business ecosystems. A solid risk management framework is required… Read More
March 5, 2025
Scorecarder Spotlight: Luciano Bargmann
Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners. Name: Luciano Bargmann. Role: Engineering Manager. Tell us a… Read More
Scorecarder Spotlight
March 4, 2025
Odyssey.conf 2025: Charting the Course for Cyber Resilience
Last week, SecurityScorecard hosted our second annual Odyssey.conf in Miami, Florida. This year’s conference focused on cyber resilience, providing attendees with actionable insights and cutting-edge strategies to navigate the ever-evolving threat landscape. Industry leaders, cybersecurity practitioners, and innovative solution providers gathered at Odyssey.conf to tackle the… Read More
Threat-Informed TPRM
March 4, 2025
From Reactive to Resilient: A New Mindset for Supply Chain Cybersecurity
Supply chain security is no longer just an IT issue, it’s a critical business concern. As recent high-profile breaches like the MOVEit vulnerability have shown, a single vulnerability in a vendor’s system can have a cascading effect, disrupting operations and damaging reputations across the entire supply chain. This… Read More
Threat-Informed TPRM
February 13, 2025
Lazarus Group Targets Developers Through NPM Packages and Supply Chain Attacks
North Korea’s Lazarus Group is evolving its tactics again. The latest campaign, dubbed Operation Marstech Mayhem, introduces an advanced implant named “Marstech1.” This malware is designed to compromise software developers and cryptocurrency wallets through manipulated open-source repositories. Unlike previous Lazarus operations, this campaign employs obfuscation techniques that make… Read More
STRIKE Team
February 10, 2025
A Deep Peek at DeepSeek
DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the… Read More
STRIKE Team
February 4, 2025
Beyond the Perimeter: Why CISOs Need Supply Chain Detection and Response
Organizations rely heavily on external vendors and suppliers, creating complex supply chains vital for operations. However, this introduces a new dimension of risk: supply chain attacks. The Growing Threat of Supply Chain Attacks: Cyberattacks often target the weakest link in the chain. Attackers exploit… Read More
Supply Chain Cyber Risk
Threat-Informed TPRM