Cybersecurity white papers, data sheets, webinars, videos and more

Blog

What Does CIRCIA Require—and How Can You Prepare for Reporting Cyber Incidents?

Learn what the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) requires, who it applies to, and how your organization can prepare for faster, smarter breach response.

Blog

What is the Difference Between IT Risk Management and Cybersecurity?

Explore how IT risk management and cybersecurity differ—and where they overlap. Learn how to align both for a stronger, more resilient organization.

Blog

Why Education is a Growing Cyber Target

Why educational institutions face rising cyberattacks and what they can do to improve their cybersecurity posture.

Cybersecurity

Press

SecurityScorecard Report Reveals 5 in 6 Organizations at Risk Due to Immature Supply Chain Security

SecurityScorecard today released its 2025 Supply Chain Cybersecurity Trends Survey, revealing that 88% of cybersecurity leaders are concerned about supply chain cyber risks.

Research

2025 Supply Chain Cybersecurity Trends: Why Visibility Is the Next Competitive Advantage

Against this backdrop of rising systemic risk, SecurityScorecard set out to assess how enterprises are managing their third-party risk. The responses from nearly 550 CISOs and cybersecurity leaders worldwide reveal a dangerous gap in organizational preparedness.

Supply Chain Cyber Risk

Third-Party Risk Management

Resources

China-Nexus ‘LapDogs’ Network Thrives on Backdoored SOHO Devices

Learn more in this resource.

STRIKE News

Blog

What Is Triage in Cybersecurity Incident Response?

Discover how cybersecurity triage works during incident response. Learn best practices for assessing and prioritizing threats before they escalate.

Blog

Building a Vendor Risk Management Program: Strategies for Success

Learn how to build a vendor risk management (VRM) program that aligns with modern cyber threats. Discover essential steps, tools, and continuous monitoring strategies for supply chain protection.

Resources

A sneaky cyber espionage campaign is exploiting IoT devices and home office routers – here’s what you need to know

Learn more in this resource.

STRIKE News

Blog

What Is MXToolbox and How Can You Use It Securely?

Discover how MXToolbox works for DNS, SPF, and blacklist monitoring, and learn how to use it securely without leaking email infrastructure insights to threat actors.

Blog

What Is FIPS 140-3 and Why Does It Matter for Security Compliance?

Learn what FIPS 140-3 certification entails, why it’s critical for federal and industry cybersecurity compliance, and how to ensure your cryptographic modules meet the standard.

Blog

Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign

SecurityScorecard’s STRIKE team uncovered a new China-Nexus ORB Network targeting the United States and Southeast Asia. Read the report to gain an in-depth look at the LapDogs ORB network, its custom malware, and its role in cyberespionage.

STRIKE Team

Blog

Understanding Third-Party Risk: Identifying and Mitigating External Threats

Learn how to identify, assess, and mitigate third-party cybersecurity risks. Discover the most common vulnerabilities, threat actor behavior, and how to monitor threats in 2025.

Blog

Sender Policy Framework (SPF): How It Stops Email Spoofing

Learn how SPF works to prevent email spoofing, how to configure SPF records, and why it’s critical for securing your domain from phishing campaigns.

Blog

What Does the Gramm-Leach-Bliley Act (GLBA) Require?

Learn the core requirements of the Gramm-Leach-Bliley Act (GLBA), including the Safeguards Rule, privacy notices, and cybersecurity responsibilities for financial institutions.

Blog

How to Build an OPSEC Culture in Your Organization

Discover how to build an OPSEC (Operational Security) culture that protects sensitive information, counters social engineering, and reduces third-party risk exposure across your workforce.

Blog

What Are the Key Steps to Achieve PCI DSS 4.0 Compliance?

Explore step-by-step guidance to comply with PCI DSS 4.0, including new 2025 requirements, technical controls, and vendor accountability measures.

Blog

What Are Best Practices for Data Security for Sensitive Data?

Learn best practices to secure sensitive data, including encryption, access control, and continuous monitoring. Discover how organizations reduce breach risks while staying compliant.

Blog

What’s the Difference Between Authenticity and Non-Repudiation in Cybersecurity?

Understand the difference between authenticity and non-repudiation in cybersecurity, and how both play key roles in identity verification, encryption, and data integrity.

Blog

How SSL Certificates Work—and Why They Still Matter

SSL certificates remain foundational to online trust and encryption. This blog explains how SSL/TLS certificates work, the risks of poor certificate management, and why organizations must maintain certificate hygiene in 2025.

Blog

What Is a Zero-Day Exploit and Why Is It So Dangerous?

Learn what a zero-day exploit is, why it poses such a severe risk, and how organizations can detect and mitigate zero-day attacks using proactive threat intelligence.