
Blog May 13, 2024

RSA 2024: The Art of Possible

Our cybersecurity community. Stronger together. 

 

“The best part of RSA is all the amazing people in the community trying to make the world a safer place. It’s also very exciting to see all the innovation to make adversaries’ lives harder – competition and collaboration make us better.”

– CEO & Co-Founder Dr. Aleksandr Yampolskiy

 

The SecurityScorecard team has just returned from an incredible week in San Francisco at RSA Conference 2024! This year’s theme, “The Art of Possible,” was meant to encourage collaboration and embrace the power of community to shape a resilient and more secure world.

Check out highlights from our action-packed week.

 

RSA President’s Forum 

We were honored to share the stage with Cigna Healthcare CISO Kevin McCarty at the 2024 RSA Conference President’s Forum. Our CEO and Co-Founder, Dr. Aleksandr Yampolskiy, discussed new research from SecurityScorecard and McKinsey & Company on concentrated cyber risk. He and McCarty also shared strategies for protecting against third-party attacks like Change Healthcare, which has forced corporate security executives to double down on efforts to bolster supplier oversight and cybersecurity measures. 

A big thank you to Evolution Equity Partners, Richard Seewald, and Robert Rodriguez for organizing such an impactful event in front of hundreds of CISOs and CEOs.

 

SecurityScorecard Co-Founder & CEO greeting President Bill Clinton at the RSA 2024 President’s Forum

 

Cigna Healthcare CISO Kevin McCarty and Aleksandr Yampolskiy at the RSA President’s Forum

 

Another highlight from RSA was SecurityScorecard board member Sue Gordon joining National Cyber Director Harry Coker, Jr. for the keynote address. They discussed the unprecedented coordination across sectors that is shaping cybersecurity policy, and how to improve the security of the nation’s digital ecosystem.

 

SecurityScorecard Board Member Sue Gordon and White House National Cyber Director Harry Coker, Jr. at RSA

 

Redefining resilience: Unveiling our research with McKinsey

 

150 companies account for 90% of the technology products and services across the global attack surface. 

– SecurityScorecard Cyber Risk Concentration Research, 2024

 

Modern technological and digital breakthroughs have created a more fast-paced and efficient world, but they have also ushered in a higher degree of cyber risk concentration that threatens national security and global economies. It’s against this backdrop that SecurityScorecard has released its report, “Redefining Resilience: Concentrated Cyber Risk in a Global Economy,” with knowledge contributions from McKinsey and Company. The most notable finding from this research points to an extreme concentration of cyber risk in just 15 vendors worldwide, while also detailing a surge in adversaries exploiting third-party vulnerabilities.

Because of their large influence and large market share, these vendors have greater potential to inflict third-party harm on their customers. These vulnerabilities are the root of many recent, high-profile supply chain attacks that have crippled critical industries. The February 2024 cyberattack on Change Healthcare continues to have broad repercussions across the healthcare sector, bringing many providers to the brink of closure because healthcare claim processing was taken offline. 

Just as a strong investment portfolio is diversified, a strong digital economy should reduce its reliance on a small handful of vendors to avoid significant disruptions. With this approach, organizations can ensure greater resilience and, by extension, a safer world.

 

SecurityScorecard threat intelligence in action

SecurityScorecard’s Jared Smith (Distinguished Engineer, R&D Strategy) also presented last week at RSA. His packed session, “Elevating Cyber Defenses: Boost SecOps & TPRM with Data and Intelligence,” focused on real-world examples and strategies for enhanced collaboration through continuous data collection and threat intelligence analysis. 

He walked attendees through the history of signals intelligence (SIGINT) and its uses during World War I, before segueing into its evolution from radio signal interception to obtaining signals from Computer Network Exploitation (CNE) and Computer Network Attack (CNA). 

Jared demonstrated how using SIGINT techniques can help enable organizations to see more of the threat landscape. Additionally, he showed that it’s possible to track APTs and other threat actors using both passive and active SIGINT techniques. 

 

Jared Smith presenting original threat research at RSA 2024

 

Smith also recorded an on-demand session for RSA entitled “Mature Your Cyber Defenses: Are You Smarter Than Your Third-Party Risks?” This session highlights the unknown supply chain risks lurking in vendor ecosystems. Historically, the security enterprise includes a heavily guarded perimeter, but that perimeter continues to dissolve. Very few businesses operate without connections to some third party. Each of these partners, vendors, and suppliers maintains a varying degree of maturity, funding and expertise when it comes to cyber defense, yet we must rely on them to protect our data in the same way that we would.

However, as enterprise defenses have matured, attackers have revised their tradecraft to continue stealing information, extorting and causing business disruption, now through third parties. Where vendor risk was previously limited by a lack of visibility and tooling, modern enterprises must now deal with the fact that periodic self-attestation of posture is no longer enough. Building confidence in your supply chain ecosystem requires a “trust but verify” mindset, using much the same mindset that an attacker does in looking for potential paths to exploit.

 

HEID AI: A new industry standard 

RSA was also the perfect venue for the announcement that SecurityScorecard’s Highly Evolved Intelligence Defense (HEID) AI is emerging out of beta. Built on the world’s largest risk and threat dataset, HEID AI was developed by SecurityScorecard to unite the entire cybersecurity community and secure the digital ecosystem.

 

A scene from the first installment of the H.E.I.D. comic book

 

The average Fortune 500 company invests 2,000 hours annually in manual tasks—primarily filling out and managing security questionnaires for critical vendors. HEID AI ushers in a human-first approach to LLMs, aimed at eliminating these redundant tasks while also improving business outcomes. HEID AI auto-fills security questionnaires within minutes, using previous responses to ensure consistency and accuracy. With an unprecedented 80% increase in breach prediction accuracy (with false positives under 1%), HEID AI sets a new industry standard, and grows more intelligent with each interaction. This innovation builds on SecurityScorecard’s already industry-leading breach prediction.

 

RSA 2024: Cybersecurity research and AI take center stage

SecurityScorecard was also the recipient of four Global InfoSec Awards at RSA, presented by Cyber Defense Magazine. These awards honor the most innovative and forward-thinking cybersecurity solutions. 

SecurityScorecard’s Chief Marketing & Strategy Officer accepting the Global InfoSec Awards at RSA 2024

The awards include: 

Market Leader Cybersecurity Visionary: CEO & Co-Founder Dr. Aleksandr Yampolskiy

SecurityScorecard’s Co-Founder and CEO was honored for his leadership and commitment to strengthening cybersecurity trust and transparency across the digital ecosystem. 

Publisher’s Choice Security Ratings: The global standard in cybersecurity ratings

SecurityScorecard was recognized for its decade-long commitment to providing free security ratings for all organizations – and delivering the industry’s most transparent, trusted, and accurate security ratings. 

Cutting Edge Third-Party Cyber Risk Management: MAX Managed Services

SecurityScorecard MAX efficiently identifies, prioritizes, and resolves critical vulnerabilities across third-party and extended Nth party supply chains. This solution significantly reduces vendor management costs, enabling organizations to expand vendor monitoring and comply with regulatory mandates.

Editor’s Choice Threat Intelligence: World’s largest risk & threat intelligence dataset

SecurityScorecard’s proprietary threat intelligence delivers actionable insights into threats targeting specific organizations, industries, and regions. 

 

SecurityScorecard research on concentrated cyber risk and product innovation drove conversations at RSA 2024. It was exhilarating to meet face-to-face with our customers and cybersecurity community!

 

Aleksandr Yampolskiy sitting down for a broadcast interview with NASDAQ

 

A celebration of the cybersecurity community 

It was an exciting week filled with many wonderful conversations, dinners, and handshakes; but perhaps the most rewarding part of RSA was the opportunity to meet with SecurityScorecard’s customers, partners, and fellow cybersecurity practitioners. We heard from CISOs that the impact of AI, supply chain risk, communicating with their boards, operational resilience, and vendor risk management are keeping them up at night. Being in the same room with some of the brightest minds and creative innovators in the field reminded the SecurityScorecard team that the future of cybersecurity looks strong. 

 

 
