Resources

Cybersecurity white papers, data sheets, webinars, videos and more

Resource Library

Spear Phishing vs. Phishing: What’s the Difference?

Blog

Understand the difference between phishing and spear phishing, how attackers use each tactic, and what organizations can do to prevent credential theft and business compromise.
Phishing
Threat-Informed TPRM
Fortifying Your Supply Chain: The ROI of Managed Supply Chain Detection and Response

Webinars

Join us to discover how a managed Supply Chain Detection and Response (SCDR) service, like SecurityScorecard MAX, transforms your approach to vendor risk.
MAX
Threat-Informed TPRM
Top Strategies for Preventing Domain Hijacking

Blog

Domain hijacking is a stealthy but devastating threat to enterprise brands. This blog explores how hijackers take over domains, key prevention strategies, and how to monitor domain risks across your supply chain in 2025.
How Do You Perform an Effective Network Security Assessment?

Blog

Network security assessments are essential for identifying vulnerabilities, misconfigurations, and exposure points. This blog outlines how to conduct a thorough network assessment in 2025, with a focus on risk prioritization and third-party ecosystems.
How Does an Intrusion Detection System (IDS) Work?

Blog

Learn how Intrusion Detection Systems (IDS) work, explore different types, and discover best practices for integrating IDS into your security stack.
What’s the Difference Between Ethical Hacking and Cybersecurity Operations?

Blog

Ethical hacking and cybersecurity operations serve different functions in defending digital assets. This blog breaks down their differences, overlap, and how modern organizations use both to build a resilient cyber strategy.
What Is a CVE and How Should You Prioritize Patch Management?

Blog

CVE identifiers are essential for tracking known vulnerabilities. This blog breaks down what a CVE is, how it’s used in cybersecurity, and how to prioritize patching based on threat intelligence and business impact in 2025.
IAM in 2025: Identity and Access Management Best Practices

Blog

Identity and Access Management (IAM) is foundational to cybersecurity in 2025. This blog covers the top IAM best practices for protecting credentials, enforcing least privilege, and reducing supply chain identity risk.
Regulatory Compliance: Bridging Compliance and Cybersecurity A Comprehensive Approach to Third-Party Risk Management

Resources

Organizations are under mounting pressure to improve their cybersecurity posture and keep pace with evolving regulations and an ever-expanding network of third-party suppliers in 2025. Government and oversight bodies continue to expand the scope and specificity of regulations aimed at safeguarding sensitive information and critical infrastructure. Yet despite significant focus and investment, many enterprises struggle to keep pace.
What Did the LastPass Breach Reveal About Password Manager Security?

Blog

The LastPass breach exposed serious challenges in password manager design and implementation. This blog breaks down the breach, explains what went wrong, and outlines steps to evaluate and harden your password manager strategy in 2025.
Are Open Ports Putting Your Network at Risk?

Blog

Open ports can expose your organization to critical threats like ransomware, botnets, and data breaches. Learn how to identify, assess, and secure exposed services in your environment to reduce cyber risk in 2025.
What Is DLL Hijacking? Understanding and Preventing the Threat

Blog

DLL hijacking is a stealthy attack technique that exploits how Windows loads Dynamic Link Libraries. Learn how it works, what risks it poses, and how to prevent DLL hijacking in enterprise environments.
HTTPS vs. HTTP: Why Secure Connections Matter in 2025

Blog

This blog unpacks the differences between HTTPS and HTTP and outlines key strategies for organizations to safeguard user data through proper certificate management and secure configuration.
How Does PGP Encryption Work—and Is It Still Secure in 2025?

Blog

PGP encryption remains a foundational technology for secure communication. This blog explains how it works and offers guidance for encryption use.
What Is Nmap and How Can It Help Identify Network Vulnerabilities?

Blog

Nmap is a powerful open-source tool for network scanning and vulnerability detection. Learn how security teams use Nmap to discover hosts, assess risks, and strengthen cybersecurity postures.
What Is HTTPS and Why Is It Still Essential for Cybersecurity in 2025?

Blog

HTTPS is not just about website encryption—it underpins secure digital transactions, protects privacy, and builds trust online. Discover why HTTPS is still vital for cybersecurity in 2025.
Threat-Informed TPRM
How File Transfer Software Became the #1 Third-Party Breach Vector

Blog

File transfer software vulnerabilities now lead third-party breaches. Learn how these tools are exploited and how to reduce your supply chain exposure through risk management.
Cybersecurity
What Is HSTS and How Does It Strengthen HTTPS Security?

Blog

HSTS is a browser security policy that protects users from HTTP downgrade attacks. Learn how HSTS works and why every secure website needs it in 2025.
Cybersecurity
Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department

Resources

Learn more in this resource.
STRIKE News
How Do You Write a Strong Information Security Policy in 2025?

Blog

A strong information security policy in 2025 must go beyond compliance. Learn how to build a policy that supports risk management, zero trust, and Third Party Risk Management (TPRM).
What You Need To Know About DeepSeek Security Issues and Vulnerabilities

Blog

DeepSeek is a powerful AI model with significant enterprise applications. But it also introduces security risks, according to SecurityScorecard STRIKE Team’s research.