Your organization’s attack surface can be a tricky thing to monitor. In our connected world, it seems like your attack surface is always expanding. That’s probably true. Attack surface expansion has exploded, driven by cloud adoption, the use of SaaS (software as a service) tools, and the fact that so many organizations have come to rely on third-party vendors.

In a world full of security breaches and litigation, every organization needs a solid strategy to identify and reduce risks relating to the use of third parties, e.g., vendors, suppliers, partners, contractors, or other service providers.

This blog is the latest in a series dedicated to Zhadnost, a Russia-aligned botnet first discovered by SecurityScorecard in March.

In 2020, SecurityScorecard uncovered a case in which self-signed certificates caused misattributions for CDN IPs, and IPs shared by many websites. At the time, we mitigated this issue by labeling CDNs (e.g. Cloudflare, Akamai, Fastly, etc.), so that customers could easily determine if their scoring problems were related to shared IPs.

In a threat landscape where organizations outsource vital business processes that leave data security in the hands of third-party information technology, vendor risk management is increasingly important. A 2022 KPMG study found that 73% of survey respondents experienced at least one significant disruption caused by a third party over the past three years.

Modern organizations are increasing cloud adoption to reap the operational benefits of outsourcing critical business functions. A 2021 study found that 90% of surveyed organizations now use cloud computing, such as software-as-a-service (SaaS) services. SaaS solutions help organizations achieve vital objectives, such as cost reductions and faster time-to-market. However, like all other digital transformation products, they also introduce cybersecurity risks.

Learn how the industrial internet of things (IIoT) is changing industries around the world, and what your business can do to make sure your IIoT devices are secure. The fourth industrial revolution – industry 4.0, as some are calling it – is upon us. As digital transformation sweeps across manufacturing, production and related industries, many organizations are grappling with this new stage in the organization and control of the industrial value chain.

Operational risk is defined as the risk of a loss that results from inadequate or failed business processes, people and systems, or from external events. More simply, operational risk pertains to any uncertainty or threat your organization faces (or might face in the future) during day-to-day business activities. The risk arises from operational disruptions and is likely to result in losses or reputational damage. Some operational risk is inevitable for every organization.

Most businesses today want to deliver modern applications, products, and services to customers as efficiently as possible. This seemingly simple goal is far more complex than it sounds – particularly in the age of digital transformation.