Risk Management

Why every security team needs to be prepared for the unexpected

Oct 24, 2023 By SecurityScorecard In SecurityScorecard

The traditional enterprise risk model is a thing of the past. Cybersecurity risk cascades into almost every part of an organization, triggering legal fallout, technology risk, compliance issues, and more. Bottom line, third-party cyber risk is a material business risk. A recent report found that 80% of organizations experienced at least one data breach caused by a third party last year.

Read Post

SecurityScorecard

Read more about Why every security team needs to be prepared for the unexpected

SecurityScorecard Achieves FedRAMP 'Ready' Designation

Oct 24, 2023 By SecurityScorecard In SecurityScorecard

SecurityScorecard is proud to announce that it has achieved the Ready Designation under the Federal Risk and Authorization Management Program (FedRAMP). This designation demonstrates SecurityScorecard’s commitment to the rigorous security standards required by the U.S. government for cloud service providers, and it will enable the company to meet growing demand from U.S. federal agencies for its Third-Party Cyber Risk Management Platform. U.S.

Read Post

SecurityScorecard

Read more about SecurityScorecard Achieves FedRAMP 'Ready' Designation

SecurityScorecard Research Investigates Chinese Threat Actor Group

Oct 23, 2023 By SecurityScorecard In SecurityScorecard

In late August, Microsoft published its analysis of espionage activity tied to a new threat actor group called Flax Typhoon, which is believed to operate on behalf of the People’s Republic of China (PRC). The group mainly targets Taiwanese critical infrastructure, including: government, education, manufacturing, and information technology sectors.

Read Post

SecurityScorecard

Read more about SecurityScorecard Research Investigates Chinese Threat Actor Group

Vendor Offboarding: Best Practices for Ensuring Security

Oct 20, 2023 By Leah Sadoian In UpGuard

When organizations hear “third-party risk management,” they often consider the processes needed to mitigate risks when working with a third-party vendor. These can include procurement risks and risks associated with starting new vendor relationships, often referred to as "onboarding,”—but what about when a working relationship ends?

Read Post

UpGuard

Read more about Vendor Offboarding: Best Practices for Ensuring Security

CISA KEV's Known Ransomware Attribution

Oct 20, 2023 By Nucleus In Nucleus

This past week, Patrick Garrity, Security Researcher at Nucleus, spent a lot of time exploring Cybersecurity and Infrastructure Security Agency's update the Known Exploited Vulnerabilities catalog, which now includes attribution to vulnerabilities associated with ransomware campaigns. In this short video, he explores this new addition and walks through the data visualizations he created to provide broader visibility into this new addition.

View Video

Nucleus

Read more about CISA KEV's Known Ransomware Attribution

A Deep Dive Into Security Testing

Oct 19, 2023 By SecurityScorecard In SecurityScorecard

With the average cost of a data breach now at $4.35 million, it’s time for organizations to take proactive measures to protect themselves against cyber threats. By conducting thorough security testing, organizations can gain a deeper understanding of their security posture and make informed decisions about where to allocate their resources to improve their overall cybersecurity readiness.

Read Post

SecurityScorecard

Read more about A Deep Dive Into Security Testing

Evolution of Cybersecurity: From Passwords to On-Demand CRQ

Oct 18, 2023 By Kovrr In Kovrr

In merely a few decades, technological pioneers developed an unprecedented ability for society to access and store data in immeasurable quantities. This newfound power transformed many aspects of the physical world into a digital one, taking everyday activities such as banking, gaming, shopping, and socializing online.

Read Post

Kovrr

Read more about Evolution of Cybersecurity: From Passwords to On-Demand CRQ

What's new in UpGuard // Cyber Vendor Risk Management Product Releases

Oct 18, 2023 By UpGuard In UpGuard

Check out the latest product releases from UpGuard!

View Video

UpGuard

Read more about What's new in UpGuard // Cyber Vendor Risk Management Product Releases

Board Members' Guide to Cyber Governance and Leadership

Oct 18, 2023 By SecurityScorecard In SecurityScorecard

Last week, I had the opportunity to moderate a panel at the NACD Summit, where I was joined by: Deven Sharma, Former President at S&P; John Katko, Former Member of U.S. House of Representatives; and Aaron Hughes, CISO at Albertsons. The National Association of Corporate Directors (NACD) holds its summit annually to empower directors and transform boards to be future ready. Our panel discussion focused on how board members can strategically oversee their organizations’ cybersecurity resilience.

Read Post

SecurityScorecard

Read more about Board Members' Guide to Cyber Governance and Leadership

Release Spotlight: Trends Page Upgrade and Bulk Data Export Functionality

Oct 18, 2023 By Rob Gibson In Nucleus

In vulnerability management (VM), the task of sifting through vast amounts of data to pinpoint critical insights can feel like searching for a needle in a haystack, specifically a haystack with many precious needles that all look alike. And, of course, the one needle you’re looking for is mission-critical and can mean the difference between securing your business and leaving it open to attack.

Read Post