43% of all websites are built in WordPress (W3Techs). Custom WordPress sites rely on plugins, themes, and other components determined by the website administrators. Because these extensible components are often created by third-parties, each custom addition is a potential attack vector that needs to be monitored and updated to maintain a secure website. Website security is a critical aspect of your cybersecurity posture.

When it comes to conducting vendor security reviews, the two most time-consuming tasks are gathering the relevant information from your vendor and analyzing it thoroughly. Last month, we announced AI-powered security document analysis to drastically simplify the process of extracting insights from SOC 2 reports, DPAs, and other sources that document a vendor’s security posture.

Organizations focus on building resilience in their global supply chain through effective supply chain risk management strategies. The planning process involves identifying potential high-risk factors, analyzing their impact, and developing strategic measures for mitigating risk. In addition, organizations perform due diligence when creating incident response and recovery plans to ensure business continuity and avoid supply chain disruptions.

With the majority of data breaches now caused by compromised third-party vendors, cybersecurity programs are quickly evolving towards a greater emphasis on Vendor Risk Management. For advice on choosing the best VRM solution for your specific data breach mitigation requirements, read on.

Any organization’s survival depends on its ability to identify potential risks and then take steps to reduce those risks before they become disruptions. Neglecting even small details, especially when multiple stakeholders are involved, can lead to significant losses of money, reputation, customer goodwill, and more. Risk management is arguably the most effective way to navigate uncertain circumstances.

Since Hamas’s attack on Israel last month, SecurityScorecard’s SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has paid close attention to hacktivist activity provoked by the conflict, with particular focus on the international scope.

Think cybersecurity training is just a snore fest of jargon and compliance checkboxes? Think again. Welcome to the new era of Cybersecurity training, where ‘boring’ is a forbidden word and engagement is the name of the game. This guide is all about flipping the script—from just ticking off ‘compliance’ boxes to actually being ‘competent,’ and we’re doing it with training techniques that are as engaging as they are effective.

Data privacy has never been more critical for business success as it is today, and organizations worldwide are grappling with the stringent requirements of the General Data Protection Regulation (GDPR). One crucial aspect of GDPR compliance is maintaining a Record of Processing Activities (RoPA), which serves as a testament to an organization’s commitment to data protection. But what exactly is a RoPA, and how can organizations create and manage one effectively?

Moody’s investment in Bitsight in 2021 was founded on the belief that cyber risk is business risk. Two years later - this foundational belief is clearer than ever by evidence of recent research developed by the two companies. This blog post is a reflection on the research progress made by the two firms since the announcement of the partnership.

The concept of automation has been around for decades in the software field, but recent advancements in machine learning and natural language processing have led to huge breakthroughs. We’ve gone from machines that complete rules-based, predetermined tasks to a new generation of software that “learns” from huge sets of data so that it can make predictions — collectively known as artificial intelligence (AI).