Resources

Blog
Beyond the Perimeter: Why CISOs Need Supply Chain Detection and Response
February 4, 2025
Organizations rely heavily on external vendors and suppliers, creating complex supply chains vital for operations. However, this introduces a new dimension of risk: supply chain attacks. SCDR is a comprehensive security framework that focuses on identifying, assessing, and responding to threats within the supply chain.
More Details
SCDR, Supply Chain Cyber Risk
Case Study
Verdane
February 4, 2025
How Verdane improved investment decisions and portfolio company cyber support using SecurityScorecard.
More Details
Data Sheet
Simplify and Automate DORA TPRM Requirements with SecurityScorecard
January 30, 2025
This extended data sheet guides you through DORA's TPRM requirements and how you can use SecurityScorecard to comply. Learn more.
More Details
Data Sheet
Simplify and Automate NIS2 TPRM Requirements with SecurityScorecard
January 30, 2025
This extended data sheet guides you through NIS2's TPRM requirements and how you can use SecurityScorecard to comply. Learn more.
More Details
Blog
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
January 29, 2025
In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named "Phantom Circuit," targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.
More Details
STRIKE Team
Research
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
January 29, 2025
During STRIKE’s investigation of Operation 99, our team identified multiple command-and-control (C2) servers active since September 2024.
More Details
STRIKE Team
Webinar
Building a High-Performing Supply Chain Incident Response Team
January 28, 2025
Supply chain security is no longer an afterthought. With increasing threats and the potential for devastating consequences, organizations must proactively address supply chain risks. In this webinar, we will discuss how a well-structured supply chain incident response team can address these challenges and mitigate risks.
More Details
SCDR
Learning Center
The Top 7 Cyberattacks on U.S. Government: A closer look at the evolving landscape of cybersecurity
January 24, 2025
Cyberattacks are an increasingly significant threat to governments worldwide. This blog post examines some of the top cyberattacks on US government.
More Details
Public Sector, Tech Center
Learning Center
7 Incident Response Metrics and How to Use Them
January 24, 2025
A robust incident response plan provides quantitative data. Check out these seven incident response metrics and how to use them.
More Details
Jeff Aldorisio
Tech Center
Blog, Learning Center
Implementing Non-Repudiation in Your Security Strategy: Best Practices and Techniques
Explore best practices for implementing non-repudiation in security strategies to ensure transaction authenticity and protect against fraud.
More Details
Tech Center
Press
SecurityScorecard Report: 58% of Breaches Impacting Leading U.S. Federal Contractors Caused by Third-Party Attack Vectors
January 22, 2025
Report highlights the urgent need for federal contractors to address third-party risks as cybersecurity gaps threaten national security
More Details
Research
Security Assessment of the Top 100 U.S. Gov’t Contractors
January 21, 2025
Federal contractors are critical to the U.S. Government’s (USG) supply chain, yet their cybersecurity postures reveal significant weaknesses. This report evaluates the SecurityScorecard ratings and publicly available breach histories of the top 100 federal contractors for FY2023, highlighting problems and patterns that pose substantial third-party cyber risks to the USG. A breach at one of these contractors could expose USG data, compromise infrastructure, or disrupt essential products
More Details