The U.S. Securities & Exchange Commission recently proposed rules to strengthen the ability of public companies, funds, and advisors to combat cybersecurity threats and implement risk mitigation processes.
Here's a sample of SecurityScorecard's discussion with Kristy Littman, U.S. Securities and Exchange Commission Chief of the Crypto Assets and Cyber Unit, Michael Daniel, President & CEO of the Cyber Threat Alliance, and Friso van der Oord, Senior Vice President, Content with the National Association of Corporate Directors, about the importance of the proposed rules.
The U.S. House of Representatives' Committee on Homeland Security entered research by SecurityScorecard into the congressional record at a joint hearing, “A Whole-of-Government Approach to Combatting Ransomware: Examining DHS’s Role.” The report from SecurityScorecard used machine learning across 10 different factors to correlate them with the relative likelihood of a ransomware attack. Subsequently, SecurityScorecard developed a sophisticated machine learning model that estimates the relative likelihood of a company falling victim to a ransomware attack, based on non-intrusive observations of its cybersecurity posture. The predicted likelihood could be used to warn at-risk organizations and to assist insurance carriers offering cyber-insurance policies.
In a Feb. 2 webinar, SecurityScorecard hosted Justin Herring, Executive Deputy Superintendent, Cybersecurity Division of the New York Department of Financial Services (DFS), and Luke Dembosky, Partner and Co-Chair of the Data Strategy & Security practice at Debevoise & Plimpton, to discuss DFS’s top cybersecurity priorities this year, current enforcement and examination trends, and the regulatory environment around cybersecurity in 2022. In this conversation, Mr. Herring, the first Executive Deputy Superintendent of Cybersecurity at DFS, described the Cybersecurity Division’s aim to protect consumers and industries from cyber threats, including its recent adoption of security ratings to support its regulatory oversight.
“Tools and services such as [security ratings], if in wider use, could better inform industry of certain vulnerabilities to act upon and decrease gaps in cybersecurity. The SecurityScorecard report does include several of the security measures required by the pipeline security directive. As such, TSA’s security directives and the implementation of required measures could be validated by the SecurityScorecard or similar tools to readily identify potential security gaps.”
"The emergence of security ratings has increased the use of cyber risk quantification to calculate and measure cyber risk exposure. These security ratings provide a starting point for companies’ cybersecurity capabilities and help elevate cyber risk to the level of board decision-making."
"For even trusted sources, program managers should maintain continuous awareness of source compromises and be prepared to respond to sudden loss of trust in a repository."
There are a number of third party tools similar to Security Scorecard… in use by industry operators and industry security service providers. These “scorecards” provide a rating of cybersecurity postures of corporate entities through a non-intrusive “outside-in” view of security metrics and cyber threat intelligence signals. Tools and services such as this, if in wider use, could better inform industry of certain vulnerabilities to act upon and decrease gaps in cybersecurity. The Security Scorecard report does include several of the security measures required by the pipeline security directive. As such, TSA’s security directives and the implementation of required measures could be validated by the Security Scorecard or similar tools to readily identify potential security gaps.
In Jan. 2022, SecurityScorecard’s Vice President for Policy & Public Sector, Charlie Moskowitz, joined Water and Waste Senior Managing Editor Bob Crossen for a video interview to discuss cybersecurity in the water sector. Together, they discussed recent Biden Administration regulatory action affecting the water sector, sector-wide cyber vulnerabilities, and the resource challenges facing small and rural community water utilities in defending against online threat actors. Moving beyond the problems, Charlie also discussed two core solutions: continuous monitoring and information sharing, to help water utilities raise threat awareness across the sector, and how a security ratings platform, like SecurityScorecard’s, can provide real-time, continuous monitoring to small and large water utility companies and help improve their overall cybersecurity.
New research from SecurityScorecard analyzed the cybersecurity health of 100 global shipping container companies and found that high-severity cyber vulnerabilities pose a significant risk to U.S. maritime security and to supply chains. Read more in the report here, including what the industry can do to combat these issues.
The U.S. House of Representatives Committee on Oversight and Reform included testimony from SecurityScorecard at a hearing titled, “Cybersecurity for the New Frontier: Reforming the Federal Information Security Management Act.”
SecurityScorecard's Statement for the Record advocated for Federal networks to include quantitative, data-driven metrics and real-time, continuous monitoring to build industry best practices into Federal network monitoring and risk management.
The recently discovered security flaw in Log4j enables threat actors to achieve remote code execution (RCE) on nearly any machine using Log4j.
Read the report to find out what SecurityScorecard's Research team found on the implications of this vulnerability and what organizations can do to combat it.