Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2022

SecurityScorecard

How to Use Cyber Risk Quantification for Vendor Risk Management

Sep 30, 2022 By Gian Calvesbert In SecurityScorecard

The purpose of vendor risk management is to strike a delicate balance between facilitating the needs of the business by integrating new vendors and ensuring that those same business partners don’t exceed the organization’s risk appetite. Maintaining a healthy balance between those two interests requires leaders to always consider broader business goals when executing VRM strategies.

Read Post
SecurityScorecard

Extortion and Adaptability: Ransomware Motives Remain Consistent as Tactics Change

Sep 30, 2022 By Dr. Robert Ames In SecurityScorecard

Ransomware has traditionally revolved around the encryption of victims’ files. But even if encryption remains ransomware groups’ most common approach, it isn’t really their priority–extortion is. Financially-motivated cybercriminals care more about extracting payment from their victims than they do about the particular methods used to achieve that goal.

Read Post

Be The Partner of Choice

Sep 30, 2022 By SecurityScorecard In SecurityScorecard
SecurityScorecard Co-Founder and Chief Operating Officer Sam Kassoumeh shares Tip #5 from our ebook, 5 Ways to Secure Your Organization in Turbulent Times: Make your organization the partner of choice. Every vendor, regardless of industry, must view cybersecurity as a key strategic component. This video explores how a strong cybersecurity posture can increase trust and provide competitive differentiation and advantage, helping you to become a trusted market leader.
View Video
SecurityScorecard

Three Reasons Why You Should Quantify Third-Party Cyber Risk

Sep 29, 2022 By Anna Sarnek In SecurityScorecard

The spotlight on cyber risk quantification (CRQ) has raised its status to the top of the hypercycle, but with fame comes scrutiny and criticism. Security analysts and practitioners debate the validity of each model framework, along with the data used when modeling cyber risk. Despite this debate, there is a unifying consensus that knowing the possible range of the financial impact of a cyber event is far more optimal than flying blind.

Read Post

Ruthlessly Prioritize

Sep 29, 2022 By SecurityScorecard In SecurityScorecard
SecurityScorecard Co-Founder and Chief Operating Officer Sam Kassoumeh shares Tip #4 from our ebook, 5 Ways to Secure Your Organization in Turbulent Times: Ruthlessly prioritize to keep your organization secure. Teams are drowning in too much information, all of which appears on the surface to be “blinking red.” To calm the noise and allow security professionals to quickly focus on areas that make the biggest impact securing the enterprise, learn how to quickly highlight the most meaningful, critical threats.#TakeControlWithSSC
View Video
SecurityScorecard

SecurityScorecard Partners with JCDC to Democratize Continuous Monitoring and Cybersecurity Risk Management

Sep 28, 2022 By Devin Lynch In SecurityScorecard

Cybersecurity is a team sport, and SecurityScorecard is proud to partner with the Joint Cyber Defense Collaborative (JCDC) to share cyber threat information in defense of public and private critical infrastructure.

Read Post

The Role of AI/ML and Automation in CyberSecurity

Sep 28, 2022 By SecurityScorecard In SecurityScorecard
Let’s talk about having automation tools and AI/ML for cyber security. To combat the bad guys trying to break into your environment all the time, you need tools that can: In fact, you must automate 99% of your alerts because if humans have to do it, they will feel overloaded and make mistakes. But you can’t replace human judgment. It’s like flying a plane. Most of the time, it flies on autopilot. But at crucial moments like take off, landing, or when there’s a thunderstorm, the pilot disengages the autopilot and actively takes the wheel.
View Video

3 Best Practices to Save Yourself Zero-Day Exploits

Sep 26, 2022 By SecurityScorecard In SecurityScorecard
52% of attacks in 2021 began with a zero-day exploit. Here are 4 things you can do to make sure your organization is safe: Understand your attack surfaces from the outside. You need to understand how your external attack surface looks because that's how attackers break in. Have a patching program on hand. When a patch comes out from a software vendor, apply it as soon as possible. Then, rescan your entire attack surface to confirm that it’s applied properly. Build your network with resilience in mind.
View Video

Optimize and Automate

Sep 22, 2022 By SecurityScorecard In SecurityScorecard
SecurityScorecard Co-Founder and Chief Operating Officer Sam Kassoumeh shares Tip #1 from our ebook, 5 Ways to Secure Your Organization in Turbulent Times: Optimize and automate your business ecosystem risk management (aka your third-party risk management) program - to save time and reduce risk.Your security posture is never just your security posture. In this hyperconnected cloud ecosystem, it’s a combination of your own, your vendors’, their vendors’, and so on. Learn how the cyber health of your ecosystem can grow trust and integrity with your clientbase, and also maintain business continuity.
View Video

Key Cybersecurity KPIs to Report to the Board

Sep 21, 2022 By SecurityScorecard In SecurityScorecard
As a CISO, you need to talk to your board members in their language. Here are 2 hacks to do that: Speak in terms of financial cyber risk quantification. Don’t tell them, “I deployed the Prolexic solution to mitigate DDoS attack on 121.1.2.3/24 network.” That won’t make an impact on them. Tell them, “I'm going to save potentially up to $5 million in an outage by spending $200,000 on a device to mitigate ransomware attacks.” Compare your organization with competitors.
View Video

Enable Faster Business Growth

Sep 21, 2022 By SecurityScorecard In SecurityScorecard
Improving your organization’s cybersecurity posture increases trust with your clients and partners, and enables faster business growth. In times of economic uncertainty when budgets tighten, it’s critical to make that connection. In this video series, SecurityScorecard Co-Founder and Chief Operating Officer Sam Kassoumeh shares tips from our ebook, 5 Ways to Secure Your Organization in Turbulent Times, on how security teams can reduce risk by over 85% while ensuring that security investments deliver tangible value.
View Video

Measuring Cyber Hygiene

Sep 19, 2022 By SecurityScorecard In SecurityScorecard
What you can’t measure, you can’t improve. In cybersecurity, nothing like this existed until SecurityScorecard came along. We introduced a set of objective KPIs that are trustworthy, accurate, and could be used to compare companies to each other. We do this by assembling hundreds of different signals across different categories of risk, such as application security, network security, endpoint security, leaked credentials, and shared records.
View Video

How to Build a Culture of Urgency

Sep 14, 2022 By SecurityScorecard In SecurityScorecard
Darwin said it's not the strongest or the smartest that survive and thrive, but the quickest to adapt to change. Speed is everything if you want to run a company successfully. To do that, you need to build a culture of operating with urgency. That doesn’t mean you run frazzled or do a million things simultaneously. Nor does it mean being too flexible and nice when dependent teams tell you, “Go wait.”
View Video

What It Means to Be Customer-Obsessed

Sep 12, 2022 By SecurityScorecard In SecurityScorecard
At Amazon, Jeff Bezos was famous for having an empty chair in the meeting room that represented the customer. I admire him for that because as the organization grows, it's easy to have meetings that are so focused on metrics, KPIs, internal execution, etc. that you lose sight of the customer. Here’s how we practice being customer-obsessed at SecurityScorecard: We make sure that we start every meeting by sharing customer insights, such as.
View Video
SecurityScorecard

What are Tabletop Exercises? How They Can Improve Your Cyber Posture

Sep 12, 2022 By SecurityScorecard In SecurityScorecard

According to the latest IBM Cost of a Data Breach Report, the average breach costs $4.35M per incident, climbing by 12.7% from 3.86 million USD in IBM’s 2020 report. This does not account for lost business opportunities and lingering reputational damage. A cybersecurity tabletop exercise could substantially reduce this amount simply by having a well-thought-out incident response plan and effectively exercising business continuity plans.

Read Post
SecurityScorecard

Security Insights on the Low-Code / No-Code Attack Vector

Sep 7, 2022 By Mike Wilkes In SecurityScorecard

The August 4th compromise of Twilio via a targeted smishing attack has been a topic of wide concern and discussion on social media. My first thoughts on hearing of the attack were to virtually “pat myself down” with regard to exposure risk. Kind of like that feeling when you’re not sure if your car keys or wallet are in your pocket a few blocks after walking away from your parking space. Is my company affected by the breach? Did we receive a notification email from them?

Read Post
SecurityScorecard

TTPs Associated With a New Version of the BlackCat Ransomware

Sep 6, 2022 By Vlad Pasca In SecurityScorecard

The BlackCat/ALPHV ransomware is a complex threat written in Rust that appeared in November 2021. In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor. Firstly, the attacker targeted an unpatched Microsoft Exchange server and successfully dropped webshells on the machine.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.