Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SecurityScorecard is actively engaged to ensure our Security ratings align with the Principles for Fair & Accurate Security Ratings, published by the US Chamber of Commerce. As part of this effort we strive to educate the cybersecurity community on how our products align with these important principles. This article is a continuation of a series of articles that describe how SecurityScorecard meets specific security rating principles as recommended by the US Chamber of Commerce.

In the world of information security, we love to believe that our countermeasures, defence in depth strategies and preventative controls will shield us from disaster. We invest in technology, develop policies, train our people and implement procedures – all in the hope that we’ll never face a serious security breach. But as any seasoned security professional will tell you, incidents are inevitable.

Any company that processes payments knows the pain of an audit under the Payment Card Industry Data Security Standard (PCI DSS). Although the original PCI DSS had gone through various updates, the Payment Card Industry Security Standards Council (PCI SSC) took feedback from the global payments industry to address evolving security needs.

I’ve been in the cybersecurity industry for over 36 years. Surprisingly, hackers and malware haven't changed all that much. The malware today is not all that different from the stuff I was disassembling for John McAfee back in the late 1980s and early 1990s. A lot of the involved programming languages, technology and communication channels have changed, but not how malware operated and what it did. We had ransomware back in 1989. We had polymorphic, crypto-morphing malware back then.

Cyberattacks don’t usually begin with sophisticated hacking techniques. Often, they start with something far simpler—stolen credentials. A phishing attack, a leaked database, or even weak internal security controls can provide an attacker with legitimate access to an organization's network.

AI (Artificial Intelligence) is a broad concept encompassing machines that simulate or duplicate human cognitive tasks, with Machine Learning (ML) serving as its data-driven engine. Both have existed for decades but gained fresh momentum when Generative AI, AI models that can create text, images, audio, code, and video, surged in popularity following the release of OpenAI’s ChatGPT in late 2022.

The Tripwire Enterprise Critical Change Audit rules provide customers with the ability to monitor for critical events that could have a significant impact on a system. Monitoring for critical events can help administrators identify malicious and/or unexpected changes within their environment.