|
By SecurityScorecard
A supply chain attack does not start with your firewall. It starts with someone else’s. Instead of targeting your company directly, a cyber attacker looks for weak spots in your organization’s supply chain. That could be a trusted third-party vendor, a widely used software supplier, or even an outdated package from an open-source code repository. Once they find an opening, they exploit security vulnerabilities to gain access to your systems without ever going through the front door.
|
By SecurityScorecard
Subdomain takeovers are a growing threat in today’s cloud-first ecosystem. As organizations rely on third-party services, continuously launch digital assets, and manage sprawling DNS configurations, they often leave behind vulnerable subdomains ripe for exploitation. In this article, we explore subdomain takeovers, why they pose such a serious risk, and most importantly, how to prevent them before threat actors strike.
|
By SecurityScorecard
In today’s threat-heavy digital environment, having a Business Continuity Plan (BCP) isn’t just smart, it’s essential. Whether it’s a cyberattack, data breach, ransomware, or natural disaster, organizations need a strategy to mitigate risks, reduce downtime, and ensure continued operations. This guide walks you through how to develop a cyber-ready BCP that protects your organization from disruption and prepares you for the unexpected.
|
By SecurityScorecard
You’ve done the work—mapped the risks, built the roadmap, secured the right tools. But when it’s time to face the board, the conversation stalls. Not because you’re wrong. Because you’re speaking a different language. Boards don’t operate in threat models and tech stacks. They operate in risk, revenue, and accountability. And if you want their support, you need to meet them there.
|
By SecurityScorecard
Third and fourth-party vendors have become paramount to many businesses’ operations, as they can help improve efficiency and expand the availability of services. However, these vendors often come with increased cybersecurity risks for your organization. According to Ponemon, the average cost of a data breach increases by more than $370,000 for breaches caused by third-party vendors.
|
By SecurityScorecard
SecurityScorecard is actively engaged to ensure our Security ratings align with the Principles for Fair & Accurate Security Ratings, published by the US Chamber of Commerce. As part of this effort we strive to educate the cybersecurity community on how our products align with these important principles. This article is a continuation of a series of articles that describe how SecurityScorecard meets specific security rating principles as recommended by the US Chamber of Commerce.
|
By SecurityScorecard
North Korea’s Lazarus Group is evolving its tactics again. The latest campaign, dubbed Operation Marstech Mayhem, introduces an advanced implant named “Marstech1.” This malware is designed to compromise software developers and cryptocurrency wallets through manipulated open-source repositories. Unlike previous Lazarus operations, this campaign employs obfuscation techniques that make detection significantly harder. Read the full report here.
|
By SecurityScorecard
Supply chain security is no longer just an IT issue, it’s a critical business concern. As recent high-profile breaches like the MOVEit vulnerability have shown, a single vulnerability in a vendor’s system can have a cascading effect, disrupting operations and damaging reputations across the entire supply chain. This shift in the threat landscape demands a new approach to cybersecurity that prioritizes collaboration, resilience, and a proactive defense strategy.
|
By SecurityScorecard
When you work with third parties, their risk is your risk. Common risks associated with vendors include everything from compliance risk to operational risk to financial and reputational loss. Vendor risk assessments can help your organization narrow down who to trust, and help you identify the level of risk you are taking on with your vendors.
|
By SecurityScorecard
In a hyper-connected world, security breaches continue to increase in size and scope. Cybersecurity threats come in various forms, from social engineering to database vulnerability exploitation. With that in mind, potential damages caused by these data breaches are more likely than ever, regardless of an organization’s size. To bolster your cybersecurity posture, you should put together a data breach response plan as a way to prepare your organization.
|
By SecurityScorecard
In this week’s Weekly Brief: The Cyber Risk and Policy Edition, SecurityScorecard’s Director, Public Sector Channel Amanda Smith breaks down why the U.S. war with Iran is more than just what takes place on the physical battlefront. In 2026, as conflict unfolds in the Middle East, the digital battlefield has a direct impact on the homeland and U.S. critical infrastructure, too. “It's a global digital confrontation that hits a lot closer to home than a lot of people realize.”
|
By SecurityScorecard
Ready for the future of Third-Party Risk Management (TPRM)? The supply chain is a growing target, but you can fight back. That world is here with the transformative, threat-informed SecurityScorecard TITAN AI Platform. Imagine a world where you go beyond checking compliance boxes by actively mitigating and eliminating risk with continuous, AI-accelerated, and predictive TPRM that allows you to gain visibility and prioritize threats more effectively. Learn more about the TITAN transformation.
|
By SecurityScorecard
This is SecurityScorecard's Weekly Brief: The Adversary Insights Edition with SecurityScorecard's CISO Steve Cobb. Critical infrastructure security in the U.S. remains an important element of the ongoing conflict between the U.S. and Iran with Iranian-linked threat actors targeting US-based assets. Iranian threat actors have focused their efforts on the fastest methods of attack by searching for what Cobb calls “low hanging fruit” in critical infrastructure environments where many organizations have exposed systems.
|
By SecurityScorecard
This is SecurityScorecard's Weekly Brief: The CISO Edition with SecurityScorecard's CISO Steve Cobb. Is it time to retire the vendor questionnaire and annual assessment routines? Not quite, but following face-to-face customer interactions and many forward-thinking speaking sessions at RSAC 2026, CISO Steve Cobb emphasizes the importance of reducing risk for TPRM programs, which is not achieved by completing a third-party risk assessment checklist alone.
|
By SecurityScorecard
This is SecurityScorecard's Weekly Brief: the RSAC 2026 and TITAN AI Edition. This week, SecurityScorecard unveiled TITAN AI upon touchdown at RSAC 2026 in San Francisco. The new platform is pioneering the modern era of TPRM, leveraging AI, enhanced threat intelligence, and continuous monitoring to deliver measurable supply chain resilience to customers.
|
By SecurityScorecard
Over the past several weeks, OpenClaw and MaltBook have exploded across the headlines. Outlets have published stories about AI agents organizing themselves or even acting independently on Moldtbook. SecurityScorecard’s Jeremy Turner, VP of Threat Intelligence & Research and Anne Griffin, Head of AI Product Strategy discuss what OpenClaw is, how agentic AI works, and where the real security issues are based on new research from SecurityScorecard's STRIKE Threat Intelligence team.
|
By SecurityScorecard
SecurityScorecard's STRIKE Threat Intelligence team has uncovered tens of thousands of exposed OpenClaw instances, many of which are vulnerable to Remote Code Execution (RCE). These exposed OpenClaw instances leave users and organizations open to attacks. OpenClaw and other agentic AI tools are designed to take actions on a user’s behalf, interact with infrastructure, and move across connected services. That functionality is the appeal. It is also the risk for users around the globe.
|
By SecurityScorecard
AI agents aren’t taking over. But agentic AI without security is a real problem. Over the last few days, Moltbot and its social platform Moltbook have surged across headlines and social media. Some are calling it a glimpse of artificial general intelligence. Others say AI agents are organizing themselves. That’s not what’s happening. In this video, SecurityScorecard’s Jeremy Turner, VP of Threat Intelligence & Research, breaks down what Moltbot actually is, why this isn’t AGI, and where the real danger lives.
|
By SecurityScorecard
“150 companies account for 90% of the technology products and services across the global attack surface. 41% of those companies had evidence of at least one compromised device in the past year.” With organizations as interconnected as they are, even organizations who “have” good cybersecurity are only as good as their weakest link.
|
By SecurityScorecard
"When cyber risk is treated as an internal problem, governments miss where most modern attacks actually begin: in their vendors, their service providers, digital dependencies that sit outside their direct control." SecurityScorecard's Head of Public Policy Michael Centrella shares his key takeaways and insights from the latest World Economic Forum’s Global Cybersecurity Outlook 2026 which states a simple, clear truth: cyber risk no longer lives inside the firewall.
|
By SecurityScorecard
Corporate board members are known for their relentless focus on the bottom line -- and with good reason. CISOs and other security executives are often mired in technical language and many times, unable to communicate the business impact that cybersecurity has on the bottom line. This helps explain why the average tenure of a CISO is roughly two years.
|
By SecurityScorecard
In this ebook, we will highlight three principles that are key to implementing a world-class TPRM program. Taken together, these practices will move your organization toward a full 360° view of organizational risk-both internally and across your ecosystem: see risk, solve problems, report results.
|
By SecurityScorecard
The COVID-19 pandemic has disrupted businesses in ways that few had planned for, resulting in shutdowns, global economic downturn, supply chain volatility, and a sudden uptick in e-commerce and remote work. The disruption is straining security and IT teams who have to quickly respond and adapt to a series of unanticipated business events. How can security and IT teams stay agile, enable business resilience, and manage the shift to the new normal?
|
By SecurityScorecard
A company-wide cybersecurity strategy is absolutely essential to combat today's evolving risk landscape. This means breaking down silos and encouraging the engagement of security experts throughout different business units. By leveraging collective understanding to expose unknown threats, you can amplify the effectiveness of your security program and technology stack. We call this "Modern Cyber Risk Management".
|
By SecurityScorecard
As cybercriminals continue to evolve their threat methodologies, industry standards and governments have revised their compliance programs and audit criteria. Regulators and auditors have increasingly begun requiring organizations to mature their programs in order to ensure continuous monitoring as well as senior management and board-level oversight.
|
By SecurityScorecard
Whether it's about cutting costs, reducing third-party incidents, regulatory or internal scrutiny, it's likely that you are looking to mature your vendor risk management (VRM) program. This ebook will show you how to improve your vendor risk management program in three parts and how to take it to a mature state, ready to handle the modern risk that lies ahead. Download the complete guide to building your vendor risk management program.
- April 2026 (4)
- March 2026 (1)
- February 2026 (3)
- January 2026 (9)
- December 2025 (12)
- July 2025 (1)
- May 2025 (3)
- April 2025 (1)
- March 2025 (5)
- February 2025 (3)
- January 2025 (8)
- December 2024 (7)
- November 2024 (6)
- October 2024 (5)
- September 2024 (4)
- August 2024 (8)
- July 2024 (4)
- June 2024 (3)
- May 2024 (15)
- April 2024 (12)
- March 2024 (12)
- February 2024 (14)
- January 2024 (11)
- December 2023 (44)
- November 2023 (28)
- October 2023 (22)
- September 2023 (11)
- August 2023 (11)
- July 2023 (7)
- June 2023 (17)
- May 2023 (8)
- April 2023 (9)
- March 2023 (15)
- February 2023 (9)
- January 2023 (8)
- December 2022 (9)
- November 2022 (16)
- October 2022 (14)
- September 2022 (19)
- August 2022 (13)
- July 2022 (15)
- June 2022 (25)
- May 2022 (15)
- April 2022 (22)
- March 2022 (20)
- February 2022 (20)
- January 2022 (11)
- December 2021 (14)
- November 2021 (16)
- October 2021 (10)
- September 2021 (11)
- August 2021 (11)
- July 2021 (15)
- June 2021 (23)
- May 2021 (2)
- April 2021 (2)
- March 2021 (1)
- August 2020 (1)
Constantly emerging sophisticated cyber attacks jeopardize your business every minute of every day. SecurityScorecard instantly identifies vulnerabilities, active exploits, and advanced cyber threats to help you rigorously protect your business and strengthen your security posture – from an outside-in perspective, enabling you to see what a hacker sees.
Get your free scorecard and learn how you stack up across 10 categories of risk. Answer a few simple questions and instantly receive your score in your business email.
Best-of-breed capabilities for tech-forward organizations:
- Third-Party Risk Management: Get instant visibility into the security posture of your vendors and business partners.
- Enterprise Cyber Risk Management: Discover, monitor, and report on the security vulnerabilities in your data centers and systems.
- Cyber Insurance: Accurately assess the security posture of insureds and continuously monitor your portfolio.
- Executive-Level Reporting: Effectively communicate your cybersecurity strategy and risk to the Board and C-Suite.
- Due Diligence: Gain insight into the cyber risk of any company, make data driven business decisions, and reduce financial risk.
- Compliance: SecurityScorecard enables organizations to easily prove and maintain compliance with leading regulation and standards mandates including PCI, NIST, SOX, GDPR, and many others.
Cybersecurity risk management for tech companies.