Ralph Waldo Emerson, the renowned American writer, lecturer and philosopher, is often credited with the phrase “It’s not the destination, it’s the journey.” Legal, Compliance, Risk and Security professionals would be wise to consider Emerson’s wise words and philosophy. The path to optimal compliance outcomes and practices is long and full of twists and turns – with new and increasingly complex rules, regulations and legal regimes.

Earlier this month, the U.S. Department of Justice’s Office of the Inspector General released a report on how the Department could improve its approach to combat ransomware attacks. The report included an audit and evaluated the Department’s strategy to respond and counter ransomware attacks during a two-and-a-half-year period from April 2021 through September 2023.

SecurityScorecard had the pleasure of participating in the 15th Annual Billington CyberSecurity Conference – a key convening of policymakers and industry thought leaders in our Nation’s Capital. This year’s edition – Advancing Cybersecurity in the AI Age – included over 4,000 registrants and 200 speakers participating in 40+ sessions and breakouts. It would not be an emerging tech and government conference without an extra emphasis on AI.

In April this year, the CISA Secure By Design initiative turned one. The initiative calls for the public and private sectors to work together to challenge and encourage software manufacturing companies to adopt principles to ensure their software is developed and produced as securely as possible. The initiative tracks seven goals that software manufacturers can pledge to develop and transparently track progress towards those goals.

From ransomware attacks to data breaches, the threats lurking within supply chains are more pervasive than you might realize. Many security teams aren’t aware of the various supply chain cyber risks lurking within their network, most of which are difficult to detect, manage, and mitigate. Let’s explore how to achieve a more secure and resilient supply chain.

Supply chain resilience has never been more critical. Recent cyber outages have underscored a harsh reality—supply chains are vulnerable, and disruptions can have far-reaching impacts. But what does it mean to be supply chain resilient, especially in the context of cyber threats? In this post, we will explore lessons learned from recent cyber outages, offering actionable insights for enhancing supply chain resilience.

A critical problem for security and legal professionals who manage supply chain risk is that cybersecurity risks are dynamic and always shifting. You have done your due diligence and selected a vendor with strong cybersecurity controls – but how can you guarantee that your vendor maintains this type of security hygiene and doesn’t become a target and a “weak link” in your supply chain?

SecurityScorecard is excited to announce that we are now an AWS OMNIA partner. This unlocks a critical opportunity for the 90,000 buying organizations that make up the OMNIA partner network to reduce and manage Supply Chain Cyber Risks. The third party attack surface is a fast growing risk vector and SecurityScorecard offers an industry leading solution to help organizations combat these threats.

ServiceNow and SecurityScorecard have been longtime strategic partners, helping mutual customers measure and manage cyber risk. Today we’re highlighting the next phase of our partnership and innovation to help customers tackle the complex challenges associated with managing cyber risk in the third party ecosystem. Organizations struggle with prioritization, resource constraints, and the need to act quickly when responding to threats.

As global network infrastructure expands to include devices without traditional compute power, every organization’s attack surface becomes increasingly complex. Parallel to the increased complexity in the threat landscape is the increased scale and complexity of the signals and data necessary to produce meaningful cybersecurity insights. At its core, cybersecurity is a big data problem, requiring centralization of disparate data sources in uniform structure to enable continuous analytics.