Cybersecurity white papers, data sheets, webinars, videos and more

October 10, 2025

What is Zero Trust Architecture? 9 Steps to Implementation

Understanding what a Zero Trust Architecture is and how to implement one can help enhance security. Learn more on SecurityScorecard’s blog.

Attack Surface Management

Tech Center

September 12, 2025

What is a Cybersecurity Posture and How Can You Evaluate It?

Organizations across industries struggle to maintain robust security postures. While tremendous strides have been made in security technology, the fundamentals of establishing and maintaining a strong cybersecurity posture remain elusive for many organizations.

Tech Center

September 12, 2025

What is HIPAA Compliance? A Complete Guide

What is HIPAA compliance? Learn essential requirements, common violations, and best practices for healthcare data protection and security.

Tech Center

September 12, 2025

What is Data Exfiltration and How to Prevent It

Discover what data exfiltration is, the methods attackers use, and the best solutions to prevent data loss, protect devices, and enhance data security.

Tech Center

September 12, 2025

What is SOC 2 Compliance? A Complete Guide for Security Leaders

What is SOC 2 compliance? This guide explains the audit, the five trust services, and how to get a SOC 2 report for your service organization.

Tech Center

September 12, 2025

What is Ransomware?

Learn what ransomware is, how it works, types, and protection strategies. Comprehensive guide to ransomware prevention and recovery for businesses.

Tech Center

September 10, 2025

When SaaS Trust Becomes a Threat: Insights from the Salesloft Drift Compromise

The STRIKE team has been analyzing the Salesloft Drift breach that spread into Salesforce environments. Discover what the breach tells us about supply chain security, how attackers abused OAuth tokens, what data is exposed, and defensive actions to take next.

STRIKE Team

August 5, 2025

From the Depths of the Shadows: IRGC and Hacker Collectives Of The 12-Day War

From reconnaissance to propaganda to payloads, this is how Iran’s digital foot soldiers mobilized across borders and platforms during the war with Israel in June 2025.

STRIKE Team

June 27, 2025

10 Cybersecurity Criteria for Smarter Vendor Selection

Learn the 10 most critical cybersecurity criteria to include in your vendor selection process. Make smarter, risk-informed decisions before onboarding third parties.

June 26, 2025

What Is Residual Risk and How Do You Mitigate It?

Learn what residual risk is in cybersecurity, how to measure and reduce it, and why complete risk elimination is a myth. Understand strategies to manage what remains after controls are applied.

June 25, 2025

What Does CIRCIA Require—and How Can You Prepare for Reporting Cyber Incidents?

Learn what the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) requires, who it applies to, and how your organization can prepare for faster, smarter breach response.

June 25, 2025

What is the Difference Between IT Risk Management and Cybersecurity?

Explore how IT risk management and cybersecurity differ—and where they overlap. Learn how to align both for a stronger, more resilient organization.

June 25, 2025

Why Education is a Growing Cyber Target

Why educational institutions face rising cyberattacks and what they can do to improve their cybersecurity posture.

Cybersecurity

June 24, 2025

What Is Triage in Cybersecurity Incident Response?

Discover how cybersecurity triage works during incident response. Learn best practices for assessing and prioritizing threats before they escalate.

June 24, 2025

Building a Vendor Risk Management Program: Strategies for Success

Learn how to build a vendor risk management (VRM) program that aligns with modern cyber threats. Discover essential steps, tools, and continuous monitoring strategies for supply chain protection.

June 23, 2025

What Is MXToolbox and How Can You Use It Securely?

Discover how MXToolbox works for DNS, SPF, and blacklist monitoring, and learn how to use it securely without leaking email infrastructure insights to threat actors.

June 23, 2025

What Is FIPS 140-3 and Why Does It Matter for Security Compliance?

Learn what FIPS 140-3 certification entails, why it’s critical for federal and industry cybersecurity compliance, and how to ensure your cryptographic modules meet the standard.

June 23, 2025

Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign

SecurityScorecard’s STRIKE team uncovered a new China-Nexus ORB Network targeting the United States and Southeast Asia. Read the report to gain an in-depth look at the LapDogs ORB network, its custom malware, and its role in cyberespionage.

STRIKE Team

June 23, 2025

Understanding Third-Party Risk: Identifying and Mitigating External Threats

Learn how to identify, assess, and mitigate third-party cybersecurity risks. Discover the most common vulnerabilities, threat actor behavior, and how to monitor threats in 2025.

June 20, 2025

Sender Policy Framework (SPF): How It Stops Email Spoofing

Learn how SPF works to prevent email spoofing, how to configure SPF records, and why it’s critical for securing your domain from phishing campaigns.

June 20, 2025

What Does the Gramm-Leach-Bliley Act (GLBA) Require?

Learn the core requirements of the Gramm-Leach-Bliley Act (GLBA), including the Safeguards Rule, privacy notices, and cybersecurity responsibilities for financial institutions.