Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2024

The Need for Speed: "Material" Confusion under the SEC's Cyber Rules

This week, the SEC issued a statement addressing some of the rampant confusion and inconsistencies observed under the agency’s new cyber breach disclosure rule. The statement itself addresses a technical securities law requirement, that public companies should only use Item 1.05 of Form 8-K to disclose “material” cyber breach information (instead of making voluntary or immaterial disclosures).

EPA Alert Warns Nation's Drinking Water at Risk: SecurityScorecard's recommendations for securing critical infrastructure

This week, the U.S. Environmental Protection Agency (EPA) warned that cyberattacks against water utilities across the country are becoming more frequent and more severe. The agency urged water systems to take immediate actions to protect the nation’s drinking water. According to the EPA, there are more than 150,000 public water systems across the U.S. serving over 300 million people—virtually all of which are administered and secured at local levels of government.

SecurityScorecard Named a Leader in the Forrester Wave for Cybersecurity Risk Ratings

Today, we’re proud to announce that Forrester has named SecurityScorecard a Leader in The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024. Forrester identified the 10 most significant vendors in cybersecurity risk ratings and scored them based on the strengths of their current offering, strategy, and market presence.

Compliance, collaboration, and communication: The benefits of NIST CSF 2.0

As regulatory mandates and frameworks continue to emerge, cybersecurity leaders must continue to adapt to more than just the latest threat actor tactics, techniques, and procedures. As part of our ongoing webinar series centered on compliance, SecurityScorecard’s Senior Product Marketing Manager, Devaney Devoe, moderated a discussion with Adam Bixler (Principal, Squadra Ventures), Christopher Strand (SecurityScorecard’s Global Risk Officer), and Steve Cobb (CISO, SecurityScorecard).

Cybersecurity leadership in an era of public-private partnerships

SecurityScorecard recently hosted a webinar with our Co-founder and CEO, Dr. Aleksandr Yampolskiy, and Sue Gordon, the former Deputy Director of National Intelligence and SecurityScorecard board member. Gordon drew on her experience as a key advisor to the President and National Security Council to discuss the shared responsibility between public and private organizations in combating cyber threats, the concentration of cyber risk, and the value of easy-to-understand cybersecurity metrics.

SecurityScorecard and Intel: Digging Past the Surface for Enhanced Protection

Threat actors have responded to better protections in the operating system and improved endpoint detection and response (EDR) capabilities by moving down the stack to find entry points with full visibility and privileges into the stack above.

RSA 2024: The Art of Possible

“The best part of RSA is all the amazing people in the community trying to make the world a safer place. It’s also very exciting to see all the innovation to make adversaries’ lives harder – competition and collaboration make us better.” – CEO & Co-Founder Dr. Aleksandr Yampolskiy The SecurityScorecard team has just returned from an incredible week in San Francisco at RSA Conference 2024!

Using Metrics that Matter to Protect Critical Infrastructure

Critical infrastructure services in North America face accelerating threats from both nation-states and other sophisticated threat actors. Governments globally are grappling with how to best balance incentives, support, and direct oversight. Meanwhile, critical infrastructure owners and operators face significant challenges with technology, staff resources, and expertise to better manage cyber resilience.

Take supply chain cyber risk management to the MAX

MAX is a comprehensive managed service that proactively identifies critical cybersecurity vulnerabilities and issues throughout your entire supply chain. Once identified, MAX collaborates closely with your team and vendors to promptly address and resolve these vulnerabilities, fortifying your supply chain defenses against potential compromises. When it comes to supply chain cyber risk, MAX has your back.

Examining the Concentration of Cyber Risk: How supply chains and global economies can adapt

Company mergers, the consolidation of cloud technologies, and the interconnected nature of digital business have all led to a more efficient, fast-paced digital economy. But these advantages have also ushered in a higher degree of cyber risk concentration that stands to threaten national security and global economies.

The Cybersecurity of the S&P 500: An in-depth analysis from SecurityScorecard

In fall 2023, the U.S. Securities and Exchange Commission (SEC) adopted landmark cybersecurity regulations, requiring public companies to disclose “material” cybersecurity incidents within four days. Prior to this, there were very few breach reporting requirements, leaving business leaders, government officials, policymakers, and investors without key information on cybersecurity incidents.

Proactive Measures to Prevent Data Theft

As the world becomes more and more digitally intertwined, the significance of data security cannot be overstated. Data theft, a critical threat to organizations worldwide, poses severe challenges, jeopardizing both reputational integrity and financial health. This blog post aims to dissect the concept of data theft, understand its impacts on organizations, and outline proactive measures to safeguard against such threats.

Securing Samba Ports: Essential Practices for Safeguarding Your Network

In the vast and interconnected world of information technology, the security of network services and protocols is paramount for organizations of all sizes. Among these, Samba—a free software re-implementation of the SMB/CIFS networking protocol—plays a crucial role in facilitating file and print services across various operating systems, including Unix, Linux, IBM System 390, and Windows.