Resources

Cybersecurity white papers, data sheets, webinars, videos and more

Resource Library


Odyssey.conf 2025: Charting the Course for Cyber Resilience

March 4, 2025

Last week, SecurityScorecard hosted our second annual Odyssey.conf in Miami, Florida. This year’s conference focused on cyber resilience, providing attendees with actionable insights and cutting-edge strategies to navigate the ever-evolving threat landscape. Industry leaders, cybersecurity practitioners, and innovative solution providers gathered at Odyssey.conf to tackle the…
Threat-Informed TPRM
From Reactive to Resilient: A New Mindset for Supply Chain Cybersecurity

March 4, 2025

Supply chain security is no longer just an IT issue, it’s a critical business concern. As recent high-profile breaches like the MOVEit vulnerability have shown, a single vulnerability in a vendor’s system can have a cascading effect, disrupting operations and damaging reputations across the entire supply chain. This…
Threat-Informed TPRM
Lazarus Group Targets Developers Through NPM Packages and Supply Chain Attacks

February 13, 2025

North Korea’s Lazarus Group is evolving its tactics again. The latest campaign, dubbed Operation Marstech Mayhem, introduces an advanced implant named “Marstech1.” This malware is designed to compromise software developers and cryptocurrency wallets through manipulated open-source repositories. Unlike previous Lazarus operations, this campaign employs obfuscation techniques that make…
STRIKE Team
A Deep Peek at DeepSeek

February 10, 2025

DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the…
STRIKE Team
Beyond the Perimeter: Why CISOs Need Supply Chain Detection and Response

February 4, 2025

Organizations rely heavily on external vendors and suppliers, creating complex supply chains vital for operations. However, this introduces a new dimension of risk: supply chain attacks. The Growing Threat of Supply Chain Attacks Cyberattacks often target the weakest link in the chain. Attackers exploit…
Supply Chain Cyber Risk
Threat-Informed TPRM
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

January 29, 2025

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in…
STRIKE Team
What is the Threat Landscape?

January 16, 2025

The threat landscape refers to the evolving environment of cyber threats, attack methods, and attack vectors targeting organizations, governments, and individuals. Shaped by threat actors like hackers, nation-states, and criminal groups, it has grown increasingly complex with the rise of cloud computing, IoT devices, and interconnected supply chains. …
Assembling the Dream Team: Building a High-Performing Supply Chain Incident Response Team

January 15, 2025

Organizations are increasingly reliant on third-party vendors. While this enables agility and innovation, it also introduces significant security risks. Cyberattacks originating from the supply chain are on the rise, underscoring the critical need for robust security measures. This article explores the key elements of…
Threat-Informed TPRM
Operation 99: North Korea’s Cyber Assault on Software Developers

January 15, 2025

On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit. This campaign targets software developers looking for freelance Web3 and cryptocurrency work. If you thought fake job offers from the group’s Operation Dream Job campaign were bad,…
STRIKE Team
Securing Patient Data: A Guide to Managed Services for Supply Chain Detection and Response in Healthcare

January 10, 2025

Patient data is among the most sensitive and valuable information in the healthcare industry. A single breach can have devastating consequences, including: Severe Fines: HIPAA violations can result in hefty fines, reputational damage, and potential legal action. Loss of Patient Trust: Breaches erode patient…
Threat-Informed TPRM
Securing Your Financial Ecosystem: A Guide to Managed Services for Supply Chain Detection and Response

January 10, 2025

A single breach can have devastating consequences in the highly regulated financial services industry. From reputational damage and customer loss to severe financial penalties, safeguarding your entire ecosystem is paramount. This blog explores the critical role of Managed Services for Supply Chain Detection and Response (SCDR) in securing…
Threat-Informed TPRM
Day in the Life of a CISO: A Vendor Breach: Assessing Our Exposure

December 19, 2024

It’s 10:47 PM, and I’m halfway through binge-watching the latest must-see series when my phone buzzes. A notification from SecurityScorecard has my attention instantly: one of our critical vendors has just reported a breach. I hit pause, grab my laptop, and dive straight in. As much as I’d…
Scorecarder Spotlight: Portia Phillips

December 17, 2024

Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners. Name: Portia Phillips Role: Senior Manager, Field Marketing …
Scorecarder Spotlight
Securing Your Healthcare Supply Chain: A Guide to Supply Chain Detection and Response

December 17, 2024

The Evolving Threat Landscape In today’s interconnected healthcare landscape, supply chain security has emerged as a critical concern. Cyber threats are becoming increasingly sophisticated, targeting vulnerable points in the supply chain to infiltrate networks and steal sensitive patient data. As a result, healthcare organizations must…
Healthcare
Threat-Informed TPRM
Difference Between Supply Chain Detection & Response (SCDR) vs. Managed Detection and Response Services (MDR)

December 13, 2024

In today’s cybersecurity landscape, organizations face an ever-growing variety of threats, many of which originate from their supply chains. Traditional cybersecurity measures like Managed Detection and Response (MDR) have been widely adopted, but newer, more advanced approaches like Supply Chain Detection and Response (SCDR)…
A Day in the Life of a CISO: An Employee Email Discovered in a Password Dump

December 13, 2024

The notification lands in my SecurityScorecard dashboard just as I’m wrapping up a meeting. An employee’s email address has shown up in a password dump on a dark web monitoring feed. Another day, another reminder of why cybersecurity is a full-contact sport. I immediately…
Day in the Life of a CISO: Evaluating a Plugin Vendor

December 13, 2024

It’s mid-morning, and I’m making good progress when an email from a department head pops into my inbox. They’re thrilled about a new plugin that promises to streamline workflows for one of our most critical platforms. Naturally, they need me to sign off on the vendor’s security posture…
How SecurityScorecard’s Supply Chain Detection and Response Protects Financial Institutions

December 12, 2024

As financial institutions continue to expand their digital ecosystems, the growing reliance on third-party vendors and service providers introduces significant cyber risks. With a majority of data breaches linked to vulnerabilities in the supply chain, managing these risks has become a necessity. Traditional third-party risk management…
Grow Your MSP Practice with SecurityScorecard MAX

December 3, 2024

Managing vendor security is a growing challenge for MSPs. Clients expect you to deliver enterprise-grade protection across their entire supply chain. However, many struggle with limited resources, manual processes, and the complexity of addressing third-party risks. SecurityScorecard MAX turns this challenge into an opportunity, helping you protect your…
2025 Security Predictions: The Forces Reshaping Cybersecurity

November 26, 2024

As 2025 approaches, cybersecurity leaders are bracing for a year of intensifying challenges. Regulations are tightening, nation-state attackers are refining their strategies, and CISOs are under growing pressure. Aleksandr Yampolskiy, Co-Founder and CEO, Jeff Le, VP of Global Government Affairs and Public Policy, and Steve Cobb, CISO, all…
Executive Viewpoint
Supply Chain Cyber Risk
Third-Party Risk Management