
Risk Management

ScorecardX Integrates with OpenAI's GPT-4

As part of SecurityScorecard’s commitment to making the world a safer place, we are now the first and only security ratings platform to integrate with OpenAI’s GPT-4 system. With this natural language processing capability, cybersecurity leaders can find immediate answers and suggested mitigations for high-priority cyber risks.

AI Risks (& the Race to Manage Them)

Great innovations bring great risks — including artificial intelligence. You may be aware of the cutting-edge capabilities, but have you considered the risks of AI? A few weeks ago, my colleague wrote on the dangers of ChatGPT, focusing on the risk of adding third parties to your ecosystem. Since then, things have only gotten worse.

New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)

Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability, tracked as CVE-2023-29552, in the Service Location Protocol (SLP), a legacy service-discovery protocol. Attackers exploiting this vulnerability could use internet-exposed SLP instances as reflectors to launch massive Denial-of-Service (DoS) amplification attacks with an amplification factor as high as 2,200, potentially making it one of the largest amplification attacks ever reported.
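A practical question for a defender is how to spot SLP reflection in network telemetry. The following is an added example, not code from SecurityScorecard or from the Bitsight/Curesec research: it scans constructed NetFlow-style records for UDP/427 conversations whose response volume dwarfs the request volume, and also flags unsolicited responses (what a spoofed victim sees, since it never sent the requests). The flow records, IP addresses and the ratio threshold are all constructed for the example.

```python
"""Flag UDP/427 (SLP) conversations that look like amplification traffic.

All flow records below are constructed sample data, not from the page.
"""
from collections import defaultdict

SLP_PORT = 427
# A response/request byte ratio far above normal SLP lookups.
# Assumed threshold for this example; tune it against your own baseline.
AMP_RATIO_THRESHOLD = 100.0

# Constructed NetFlow-like records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    # tiny requests carrying a spoofed "victim" source, aimed at a reflector
    ("203.0.113.10", 40000, "198.51.100.5", 427, "udp", 29),
    ("203.0.113.10", 40001, "198.51.100.5", 427, "udp", 29),
    # the reflector's bloated responses, delivered to the victim
    ("198.51.100.5", 427, "203.0.113.10", 40000, "udp", 65000),
    ("198.51.100.5", 427, "203.0.113.10", 40001, "udp", 65000),
    # responses from a second reflector with no matching request seen at all
    ("198.51.100.20", 427, "203.0.113.10", 40002, "udp", 65000),
    # an ordinary SLP lookup: small request, modest reply
    ("192.0.2.7", 50000, "198.51.100.9", 427, "udp", 60),
    ("198.51.100.9", 427, "192.0.2.7", 50000, "udp", 180),
    # unrelated TCP traffic, ignored
    ("192.0.2.7", 50001, "198.51.100.9", 443, "tcp", 1200),
]


def slp_amplification_candidates(flows, threshold=AMP_RATIO_THRESHOLD):
    """Return {(reflector_ip, victim_ip): ratio} for UDP/427 pairs where the
    bytes flowing from port 427 exceed threshold x the bytes flowing to it.
    A pair with responses but no observed requests gets ratio inf."""
    req_bytes = defaultdict(int)   # (reflector, client) -> bytes sent to 427
    resp_bytes = defaultdict(int)  # (reflector, client) -> bytes sent from 427
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == SLP_PORT:
            req_bytes[(dst, src)] += nbytes
        elif sport == SLP_PORT:
            resp_bytes[(src, dst)] += nbytes

    candidates = {}
    for pair, rbytes in resp_bytes.items():
        qbytes = req_bytes.get(pair, 0)
        ratio = rbytes / qbytes if qbytes else float("inf")
        if ratio >= threshold:
            candidates[pair] = ratio
    return candidates


if __name__ == "__main__":
    for (reflector, victim), ratio in sorted(slp_amplification_candidates(FLOWS).items()):
        print(f"reflector={reflector} victim={victim} amplification={ratio:.0f}x")
```

On the sample data the genuine lookup scores about 3x and is ignored, while the reflector pair scores roughly 2,240x, in line with the factor the researchers reported. The same byte-ratio logic applies to any UDP reflection protocol; only the port changes.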

How to Assess Cyber Risk for Potential Vendors (Complete Guide)

Assessing cyber risk for potential vendors is one of the most important aspects of managing third-party risk for any organization. The vendor risk assessment process helps businesses decide which partners or service providers to work with and, more importantly, who to trust with their most sensitive data.

How Do You Determine Vendor Criticality?

Vendor criticality is the risk tier a vendor is assigned during the risk assessment phase. Determining vendor criticality is an essential part of a third-party risk management (TPRM) program because it lets organizations prioritize their risk remediation goals. As part of the vendor risk assessment and due diligence process, understanding each vendor's criticality level plays a large role in preventing data breaches.

Oversight of Cyber Risk: The Board's Essential Role in Mitigation and Prevention

Cybersecurity has become a top-of-mind concern for many C-level executives and board members. Data breaches are a daily occurrence and carry a hefty — and growing — price tag averaging $4.35 million worldwide, according to the latest Cost of a Data Breach report. However, this is only one of several potential cybersecurity risks that an organization can face.

5 Common Vulnerabilities Associated With Remote Access

The COVID-19 pandemic turned enterprise IT security on its head. As the world adjusted to working from home, IT teams worked overtime to enable remote access for millions of employees. For most organizations the transition went smoothly, but many security gaps remain years later. The SolarWinds data breach is a worrying example of how vulnerable organizations are to malicious activity in this changed risk environment.

Yes, It's Possible to Complete Vendor Questionnaires Faster

Let's be honest – nobody likes security questionnaires. To vendors, they're irritating workflow interruptions, always seeming to arrive at the most inconvenient times. To businesses, they mark the first stage of a long, drawn-out process where vendors need to be continuously pestered to complete them. In this post, we outline three proven strategies for streamlining the security questionnaire process to eliminate stress for both the businesses that send them and the vendors receiving them.

Are Vendor Security Questionnaires Accurate?

Vendor security questionnaires accurately evaluate a third-party supplier’s attack surface, but only if they’re utilized intelligently. The quality, and therefore, accuracy, of questionnaires rapidly deteriorates when they become excessively lengthy, one-size-fits-all templates bloated with jargon. In this post, we suggest x actions for improving the accuracy of your security questionnaires and the overall efficiency of your security questionnaire process.

Remediate Zero Day Events with Third-Party Vulnerability Detection & Response

When a major security event like SolarWinds or Log4j happens, how do you assess the impact across your third-party supply chain? Most organizations struggle to effectively react to zero day attacks and other critical vulnerabilities at scale, often following manual and cumbersome workflows. But our latest capability is here to change that.
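The two questions above, which vendors carry the most risk and which of them are exposed when a new advisory lands, can be answered together with a small matching step. The following is an added example, not SecurityScorecard's capability or code: it checks a third-party software inventory against an advisory's affected version ranges and orders the hits by the vendor criticality tier assigned during risk assessment. The product name, versions, vendors and tiers are all constructed for the example and do not describe any real advisory.

```python
"""Match a third-party inventory against an advisory's affected version ranges
and triage the hits by vendor criticality. Constructed data throughout."""
from dataclasses import dataclass


def parse_version(v):
    """'2.14.1' -> (2, 14, 1). Leading digits of each dotted component are used,
    so '2.3.0-rc1' -> (2, 3, 0); pre-release tags are ignored (see caveat)."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


@dataclass(frozen=True)
class AffectedRange:
    product: str
    introduced: str  # inclusive lower bound
    fixed: str       # exclusive upper bound (first fixed release)

    def contains(self, version):
        v = parse_version(version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)


# Constructed advisory for a hypothetical component; not a real CVE's ranges.
ADVISORY = [AffectedRange("examplelib", "2.0", "2.15.0")]

# Constructed vendor inventory; tier 1 = most critical (from the TPRM assessment).
INVENTORY = [
    {"vendor": "Acme Payroll", "product": "examplelib", "version": "2.14.1", "tier": 1},
    {"vendor": "Acme Payroll", "product": "otherlib", "version": "1.0", "tier": 1},
    {"vendor": "Beta CRM", "product": "examplelib", "version": "2.16.0", "tier": 2},
    {"vendor": "Gamma Analytics", "product": "examplelib", "version": "2.3.0-rc1", "tier": 3},
    {"vendor": "Delta Hosting", "product": "examplelib", "version": "1.9.9", "tier": 2},
]


def affected_vendors(inventory, advisory):
    """Return [(vendor, {"tier": n, "components": [...]})] for vendors running
    an affected version, most critical tier first."""
    hits = {}
    for item in inventory:
        for rng in advisory:
            if rng.product == item["product"] and rng.contains(item["version"]):
                entry = hits.setdefault(item["vendor"], {"tier": item["tier"], "components": []})
                entry["components"].append(f'{item["product"]} {item["version"]}')
                break
    return sorted(hits.items(), key=lambda kv: (kv[1]["tier"], kv[0]))


if __name__ == "__main__":
    for vendor, info in affected_vendors(INVENTORY, ADVISORY):
        print(f"tier {info['tier']}: {vendor} -> {', '.join(info['components'])}")
```

Caveat: the version parser treats a pre-release such as `2.3.0-rc1` as `2.3.0`, which is acceptable for triage but can misclassify builds that sit on the boundary of a fixed release; use a proper version library when exact boundaries matter. The inventory itself only works if vendors actually supply component-level data (an SBOM or questionnaire answer), which is exactly the information most organizations lack when an event like Log4j occurs.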