Cybersecurity white papers, data sheets, webinars, videos and more

July 19, 2024

Crowdstrike Outage: Know Your Supply Chain

Supply chain detection is vital for third-party incident response Knowing Your Supply Chain (KYSC) is becoming an increasingly important component of cyber resilience. Understanding the dependencies within your organization and those of your vendors is critical for responding to incidents effectively. Even the most reliable vendors and partners… Read More

July 17, 2024

Scorecarder Spotlight: Andrew Correll

Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners. Name: Andrew Correll  Role: Senior Director, Cyber Insurability    Tell us a little about your professional… Read More

Scorecarder Spotlight

July 15, 2024

How to Choose the Right Supply Chain Cyber Risk Managed Service

AI isn’t what’s going to be the hot topic of the next year; it’s going to be data breaches in the supply chain and the cost that companies face by not reacting quickly to this emerging threat. The cyber attack on Change Healthcare, one of the… Read More

Professional Services

Supply Chain Cyber Risk

Third-Party Risk Management

June 25, 2024

The Role of Supply Chain Cyber Risk in U.S. Healthcare: Inside SecurityScorecard’s new report

In late February of this year, Change Healthcare experienced a massive ransomware attack. The company, a subsidiary of United Healthcare, is the largest clearinghouse for insurance billing and payments in the U.S, processing 15 billion medical claims each year. The attack had broad consequences across the healthcare… Read More

Healthcare

June 14, 2024

Cost, convenience, and compliance: The value for insurers of the Forrester Total Economic Impact Study

“We’re now identifying the greatest risks in our external infrastructure, the stuff that any hacker with one day of experience can figure out. Honestly, the ability to have all this third-party risk information aggregated and presented in a usable way for both us and the supplier is… Read More

June 11, 2024

SecurityScorecard Reduced External Third-Party Breaches by 75%

Forrester Total Economic ImpactTM Study: Automatic vendor detection, risk identification, and mitigation holistically manage supply chain cyber risk   The interconnected nature of our digital economy requires a shift in how companies think about their cyber risk. Companies need to consider the broader system and how… Read More

June 10, 2024

Harmonizing Government, Policy, and Technology: Thoughts from Jeff Le, SecurityScorecard’s new VP of Global Government Affairs & Public Policy

For the past twenty years, I have had the pleasure of working at the intersection of public service, technology, and global security. As Deputy Cabinet Secretary to former California Governor Jerry Brown, I responded directly to the technology challenges that the state government faced to protect constituent data,… Read More

Executive Viewpoint

May 23, 2024

The Need for Speed: “Material” Confusion under the SEC’s Cyber Rules

This week, the SEC issued a statement addressing some of the rampant confusion and inconsistencies observed under the agency’s new cyber breach disclosure rule.  The statement itself addresses a technical securities law requirement, that… Read More

Public Sector

May 21, 2024

EPA Alert Warns Nation’s Drinking Water at Risk: SecurityScorecard’s recommendations for securing critical infrastructure

“Protecting our nation’s drinking water is a cornerstone of EPA’s mission, and we are committed to using every tool, including our enforcement authorities, to ensure that our nation’s drinking water is protected from cyberattacks.” -EPA Deputy Administrator Janet McCabe   This week, the U.S. Read More

May 20, 2024

SecurityScorecard Named a Leader in the Forrester Wave for Cybersecurity Risk Ratings

May 21, 2024 Dr. Aleksandr Yampolskiy and Sam Kassoumeh Today, we’re proud to announce that Forrester has named SecurityScorecard a Leader in The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024. Forrester identified the 10 most significant vendors in cybersecurity risk ratings… Read More

May 17, 2024

Compliance, collaboration, and communication: The benefits of NIST CSF 2.0

As regulatory mandates and frameworks continue to emerge, cybersecurity leaders must continue to adapt to more than just the latest threat actor tactics, techniques, and procedures. As part of our ongoing webinar series centered on compliance, SecurityScorecard’s Senior Product Marketing Manager, Devaney Devoe, moderated a discussion… Read More

Public Sector

May 16, 2024

National Vulnerability Database (NVD) leaves thousands of vulnerabilities without analysis data

The Common Vulnerabilities and Exposures (CVE) List and National Vulnerability Database (NVD) can no longer be considered a single central source of vulnerability truth.   The cybersecurity world is no doubt aware that the National Vulnerability Database (NVD) has been experiencing… Read More

May 14, 2024

Cybersecurity leadership in an era of public-private partnerships

SecurityScorecard recently hosted a webinar with our Co-founder and CEO, Dr. Aleksandr Yampolskiy, and Sue Gordon, the former Deputy Director of National Intelligence and SecurityScorecard board member. Gordon drew on her experience as a key advisor to the President and National Security Council… Read More

Public Sector

May 13, 2024

RSA 2024: The Art of Possible

Our cybersecurity community. Stronger together.    “The best part of RSA is all the amazing people in the community trying to make the world a safer place. It’s also very exciting to see all the innovation to make adversaries’ lives harder – competition and collaboration… Read More

May 13, 2024

SecurityScorecard and Intel: Digging Past the Surface for Enhanced Protection

State of Affairs Threat actors have responded to better protections in the operating system and improved endpoint detection and response (EDR) capabilities by moving down the stack to find entry points with full visibility and privileges into the stack above. Security leaders implementing a defense-in-depth approach… Read More

May 10, 2024

Using Metrics that Matter to Protect Critical Infrastructure

Critical infrastructure services in North America face accelerating threats from both nation-states and other sophisticated threat actors. Governments globally are grappling with how to best balance incentives, support, and direct oversight. Meanwhile, critical infrastructure owners and operators face significant challenges with technology, staff resources, and expertise to… Read More

Public Sector

Security Ratings

May 2, 2024

Examining the Concentration of Cyber Risk: How supply chains and global economies can adapt

Company mergers, the consolidation of cloud technologies, and the interconnected nature of digital business have all led to a more efficient, fast-paced digital economy. But these advantages have also ushered in a higher degree of cyber risk concentration that stands to threaten national security and global economies. It’s… Read More

Third-Party Risk Management

April 26, 2024

Insights from the Experts: Legal, Compliance, and Security Perspectives on SEC Regulations

In July 2023, the U.S. Securities and Exchange Commission (SEC) announced new cybersecurity rules that require publicly traded companies in the U.S. to disclose material cybersecurity incidents within four business days of determining whether the incident is material to the company’s financial performance. SecurityScorecard recently… Read More

Public Sector

April 11, 2024

Cyberattack at Sisense Puts Critical Infrastructure on Alert

SecurityScorecard’s Threat Research STRIKE Team is investigating breaking news of a large-scale cyberattack on Sisense, a major business analytics software company used by both the private and public sectors.    The cybersecurity community woke up on Thursday to news of a cyberattack on Sisense… Read More

Public Sector

April 10, 2024

Change Healthcare Ransomware Attack Spotlights Single Point of Failure with Third-Party Vendor

A core claims-processing unit of UnitedHealth Group was hit with a ransomware attack that cost some hospitals millions of dollars a day    The ongoing cyberattack on Change Healthcare, a major player in medical claims processing in the United States, had profound repercussions across the healthcare sector. With… Read More

Healthcare

Third-Party Risk Management

April 9, 2024

How SecurityScorecard STRIKE Identifies Zero Days in the Wild

The zero-day vulnerability that emerged in Progress Software’s MOVEit Transfer product last year was a stark reminder of the real-world impact of such vulnerabilities. It wreaked havoc on businesses and governments worldwide, with cyber criminals exploiting it since May of 2023. Read More

Cyber Threat Intelligence