Our new CFO cybersecurity survey, which surveyed 180 CFOs, CEOs and other financial executives worldwide, has highlighted the fact that Chief Financial Officers are very confident in their companies’ abilities to ward off cyber security incidents, despite being underinformed on the cyber risk their businesses face. Almost 87% of the surveyed executives expressed this confidence, yet 61% of them had suffered at least three significant cyber incidents in the previous 18 months.

Cybersecurity is a team sport, and SecurityScorecard is proud to partner with the Joint Cyber Defense Collaborative (JCDC) to share cyber threat information in defense of public and private critical infrastructure.

During the Vendor Risk Management process, information is in constant flux. From risk assessments to risk remediation processes, communication involving sensitive security control data continuously flows between an organization and its monitored vendors. If intercepted, this information stream could be used as open source intelligence for a third-party data breach campaign, nullifying the very efforts a VRM program is trying to mitigate.

The vulnerabilities perforating the global supply chain have remained dormant for many years. But the violent disruptions of the pandemic finally pushed these risks to the surface, revealing the detrimental impacts of their exploitation to the world.

Cyber VRM is the practice of identifying, assessing, and remediating the cybersecurity risks of third-party vendors. This involves combining objective, quantifiable data sources like security ratings and data leak detection with subjective qualitative data sources like security questionnaires and other security evidence to get a complete view of your third-party vendors’ security posture. A Cyber VRM solution facilitates this practice.

The technology industry is at the forefront of digital transformation, enabling all other industries to achieve greater operational capabilities and connectivity through innovative solutions. Tech companies, such as SaaS vendors, provide crucial software infrastructure to hundreds or even thousands of other organizations. These vendors access, store and transmit large volumes of sensitive information, including valuable healthcare and finance data.

According to the latest IBM Cost of a Data Breach Report, the average breach costs $4.35M per incident, climbing by 12.7% from 3.86 million USD in IBM’s 2020 report. This does not account for lost business opportunities and lingering reputational damage. A cybersecurity tabletop exercise could substantially reduce this amount simply by having a well-thought-out incident response plan and effectively exercising business continuity plans.

The August 4th compromise of Twilio via a targeted smishing attack has been a topic of wide concern and discussion on social media. My first thoughts on hearing of the attack were to virtually “pat myself down” with regard to exposure risk. Kind of like that feeling when you’re not sure if your car keys or wallet are in your pocket a few blocks after walking away from your parking space. Is my company affected by the breach? Did we receive a notification email from them?

The BlackCat/ALPHV ransomware is a complex threat written in Rust that appeared in November 2021. In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor. Firstly, the attacker targeted an unpatched Microsoft Exchange server and successfully dropped webshells on the machine.

Not all of the recognizable risks in your software supply chain can be identified by their known vulnerabilities recorded as CVEs. A component that is outdated or inactive may present risks to your application that no one has had cause to investigate. Yet these components could still harbor threats.