Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Is Cybersecurity Recession-Proof?

Spoiler alert: The answer is yes. But not in the way you might expect. Unless you live in an enchanted land where mermaids feed you healthy beer for breakfast, your security budget has probably shrunk recently. The good news is that this can be good news because determining with ruthless clarity the effectiveness (or ineffectiveness) of your cybersecurity program will help you take deliberate steps to improve it with an efficient spend.

Do You Know How Much Risk Your Third-Party Vendors Pose to Your Business?

When you choose to work with a third party, there's always the risk that they will cause your business harm. The right tools can help you make better-informed decisions about the vendors you choose and spot problems before they occur. Third-party vendors are an important part of any business, but it's important for employers to understand what the risks are when working with these partners.

What is Cyber Risk Quantification? A Comprehensive Guide

As cybercriminals discover new ways to expand the threat landscape, cyber security professionals need to be able to predict their next move and stay ahead of evolving cyber threats. But in order to do so, businesses must be aware of their vulnerabilities, have a clear view of their cybersecurity posture, and have an understanding of their associated risks.

Phishing May Have Preceded Data Breach Exposing Personal Information of Over 2.5 Million People

In late August, a technology provider that offers student loan account management and payment services submitted a breach notice indicating that a compromise detected on July 22 exposed 2.5 million individuals’ data, including their names, contact information, and social security numbers. At present, neither the breach notice nor subsequent reporting have provided detailed insights into the nature of the breach, noting only that it likely began in June and continued until July 22.

Product Announcement: Monitor Vendors Outside Your Portfolios with Watch List

We’re excited to announce a new way to monitor all of the companies you care about, but maybe don’t need all the granular security data on. Watch List lets you monitor the high-level score information of companies you care about without consuming a more detailed Portfolio slot.

To vCISO or not to vCISO?

Chief Information Security Officers know all about the “Sea of troubles,” and they experience “slings and arrows” daily. In mid-September, we saw a breach of Uber that threatened to undo the company’s security program - for exposing a fairly easy path to super admin privileges across most (if not all) of its infrastructure and security tools like GSuite, AWS, and HackerOne private vulnerability reports. The stakes are high.

3 Services That Improve Your Security Posture

Besides KPIs and ratings to measure and quantify risk, you need to have a team of experts available 24/7, who you can rely on to help fix the worst problems. Put these four services in your cybersecurity toolbox: If a ransomware attack happens in the middle of the night on the weekend, you must be able to call somebody 365 days a year to help you recover and figure out how to get back up to speed. If you get breached, how do you diagnose how an attacker got in? You need to have experts who can go on your site and understand how attackers penetrated the defenses.

How to Use Cyber Risk Quantification for Vendor Risk Management

The purpose of vendor risk management is to strike a delicate balance between facilitating the needs of the business by integrating new vendors and ensuring that those same business partners don’t exceed the organization’s risk appetite. Maintaining a healthy balance between those two interests requires leaders to always consider broader business goals when executing VRM strategies.

Extortion and Adaptability: Ransomware Motives Remain Consistent as Tactics Change

Ransomware has traditionally revolved around the encryption of victims’ files. But even if encryption remains ransomware groups’ most common approach, it isn’t really their priority–extortion is. Financially-motivated cybercriminals care more about extracting payment from their victims than they do about the particular methods used to achieve that goal.

Be The Partner of Choice

SecurityScorecard Co-Founder and Chief Operating Officer Sam Kassoumeh shares Tip #5 from our ebook, 5 Ways to Secure Your Organization in Turbulent Times: Make your organization the partner of choice. Every vendor, regardless of industry, must view cybersecurity as a key strategic component. This video explores how a strong cybersecurity posture can increase trust and provide competitive differentiation and advantage, helping you to become a trusted market leader.