Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2021

Cybersecurity Due Diligence in M&A

Mergers and acquisitions (M&A) enable companies to add products and services to their portfolios, giving them a way to scale their business. To gain true visibility into a company’s long-term impact on your organization’s bottom line, you need to understand all assets and liabilities, including digital ones.

What If You Had Advance Notice of a Ransomware Attack?

One of the worst things about ransomware attacks isn’t just the mayhem they cause as your data is encrypted by criminals and your business is put on hold — it’s not knowing when they’ll happen. But what if you had some advance notice about the next cyberattack before it hit? What if you could find out if your data was up for bid on the dark web?

5 Cyber Risks SLED Agencies Need to Protect Against

Last year was a tough one for schools, local, and state governments. Not simply because of COVID-19, which forced every local government and school to navigate a pandemic, but also because the pandemic brought with it a different set of dangers. While local governments and schools were trying to figure out remote learning, remote work, and how to run public meetings safely and effectively online, cybercriminals took advantage of the fact that the remote world is new to most small governments.

How Security & IT Teams Can Manage the Shift to the New Normal

The COVID-19 pandemic has disrupted businesses in ways that few had planned for, resulting in shutdowns, global economic downturn, supply chain volatility, and a sudden uptick in e-commerce and remote work. The disruption is straining security and IT teams who have to quickly respond and adapt to a series of unanticipated business events. How can security and IT teams stay agile, enable business resilience, and manage the shift to the new normal?

Security is Everyone's Job: 11 Questions You Should Be Asking

One of the most common misconceptions about cybersecurity is that the responsibility and ownership sits solely on the shoulders of the CISO and the security team. Common assumptions are anything related to cybersecurity, a security issue or security initiative resides with the security team and the Chief Information Security Officer (CISO). Phishing attacks? That’s a problem for the security department. Vetting vendors and third parties? That belongs to the vendor management team.

What is Access Control? Components and Types

Digital transformation changes the perimeter. When organizations had all their applications on-premises, the network firewall kept the right users inside the gate and malicious actors outside. However, the move to the cloud changed all that. In today’s hyper-connected ecosystem, understanding the components and types of access control can help you strengthen security.

Top 5 Security Risks of Cloud Computing

Many businesses are shifting workloads to the cloud in an effort to increase efficiency and streamline workloads. In fact, according to the Flexera 2021 State of the Cloud Report, roughly 90% of enterprises anticipate cloud usage will expand even further as a result of COVID-19. While cloud computing can offer organizations a competitive advantage, it is important not to rush into cloud adoptions without understanding the risks involved as well.

SecurityScorecard Finds USAID Hack Much Larger Than Initially Thought

SecurityScorecard’s Investigations & Analysis team conducted an investigation into the details surrounding the USAID.gov attack. As has been previously reported, the attack has been potentially attributed to the organization commonly known as Cozy Bear, but our investigation found that the campaign is likely much larger, and began much earlier than has been reported.

Privacy Laws Comparison: Russia vs. China vs. USA

The data privacy regimes in Russia, China, and the United States are very different from the regimes elsewhere. The financial lure of selling to, or processing data on, EU residents is strong, which has led other countries to adopt the General Data Protection Regulation (GDPR) or something like it. Russia, China, and the United States are large enough for other forces to dominate, including the desire to have their citizens’ data stored locally, as we’ll see.

Forrester Total Economic Impact of SecurityScorecard Study: Automate - Don't Excel

One of the key reasons SecurityScorecard commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) Study was to help the market move on from using spreadsheets as a Vendor Risk Management (VRM) tool. The primary reason for IT teams to look at SecurityScorecard or any other VRM automation platform is simple. IT (Information Technology) will help IT teams get better leverage on their two rarest commodities in the security world, time and talent.

Due Care vs. Due Diligence: What's the Difference?

Cybersecurity is more than “just” technology these days. With legislative bodies increasingly writing more laws, technology and legal terminologies have become more intertwined than ever before. As organizations build cyber risk strategies, they need to understand risk mitigation’s underlying goal. This is why understanding the difference between due care and due diligence is important to how you set your risk mitigation strategies.

Spring Launch 2021: See Risk | Solve Problems | Report Results

Security leaders are facing a trifecta of challenges: more sophisticated and frequent cyber attacks, expanding regulations and government mandates, and organizational leaders seeking risk management assurances. CISO’s SecOps and VRM teams need complete visibility to threats across their entire attack surface, with insights to take immediate action, and timely reporting for key stakeholders. SecurityScorecard empowers you to see and understand cybersecurity risk in your organization and across your ecosystem with 360° visibility and seamless workflow integration with your security stack.

What to Know About SecurityScorecard's Integrate360° Marketplace

The old saying “it takes a village” applies to many things in life, including securing your organization. Security is a team sport that requires a variety of solutions and providers — such as a firewall, endpoint protection, security information and event management (SIEM), threat intelligence provider, IT service management (ITSM), governance, risk, and compliance solution (GRC), and cloud access security broker (CASB) — to name a few.

57 Cybersecurity Terms You Should Know in 2021

Cybersecurity can seem intimidating, especially when you’re not already familiar with security and IT. There are so many threats and a lot of terms you need to know in order to understand the countermeasures that can help keep your data safe from attackers. What is an attack surface, after all? And what’s a rootkit? Non-technical employees and decision-makers might find their eyes glazing over when cybersecurity terms start getting thrown around.

JBS Ransomware Attack Started in March and Much Larger in Scope than Previously Identified

SecurityScorecard also found that 1 in 5 of the world’s food processing, production, and distribution companies rated have a known vulnerability in their exposed Internet assets

Introducing SecurityScorecard's Integrate360° Marketplace

Aleksandr Yampolskiy, SecurityScorecard Co-Founder and CEO, introduces Integrate360°, SecurityScorecard's Marketplace of Integrations and Apps. The Marketplace enhances the ability of SecurityScorecard customers to find, manage, and mitigate cybersecurity risk with out-of-the-box apps and integrations to extend the power of SecurityScorecard. We are the first cybersecurity ratings company with over 40 product integrations, security intelligence partners, and professional services. The SecurityScorecard Marketplace brings customers a one-stop shop where they can unlock, discover, and deploy additional trusted partner solutions and pre-built integrations on top of the SecurityScorecard platform.

Transforming the Way Organizations Understand and Communicate Cyber Risk

SecurityScorecard transforms the way organizations understand and communicate cyber risk. This animated video provides an introduction to SecurityScorecard and how organizations around the world use it to transform the way they understand, communicate, and report cyber risk.

Make Cybersecurity a Team Sport with SecurityScorecard

Is your team truly collaborative both inside and outside your organization when it comes to cybersecurity? Most organizations don't realize they lack a necessary cybersecurity solution to collaborate effectively and are not actually getting maximum value out of their existing investments. SecurityScorecard’s enhanced product suite for effective collaboration empowers Security and Risk Teams to collaborate more effectively. Being collaborative allows stakeholders to work faster, smarter, and win together with internal teams and their third parties around the globe

Five Steps to a Modern Cyber Risk Management Team

A company-wide cybersecurity strategy is absolutely essential to combat today's evolving risk landscape. This means breaking down silos and encouraging the engagement of security experts throughout different business units. By leveraging collective understanding to expose unknown threats, you can amplify the effectiveness of your security program and technology stack. We call this "Modern Cyber Risk Management".