Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2021

10 Common Cyber Attack Vectors and How to Avoid Them

When it comes to cybercrime, cybercriminals are constantly changing their tactics. Think back to 10 years ago; malware sites — malicious sites that attempt to install malware on a device – were a common attack vector. At the same time, sophisticated ransomware attacks on organizations were rare. Often, ransomware was used to target individuals, sometimes blackmailing them for having been on unsavory sites and asking for a few hundred dollars in ransom.

Company Trends Report: Visibility into Cyber Risk Management

Everyone tracks progress. Whether it’s academics, health, or job skills, people need visibility into where they started and how well they’re advancing toward a goal. From a business perspective, tracking progress gives insight into whether the organization is prioritizing activities for long-term initiatives or whether it needs to take corrective action. Sometimes, the progress reports remain internal. Other times, organizations share them with customers and business partners.

What is SOX Compliance? Requirements & Controls

Although the Sarbanes-Oxley Act of 2002 (SOX) has been around for nearly two decades, many companies still struggle to meet compliance requirements. Initially enacted in response to public companies mishandling financial reporting, SOX is a compliance requirement for all public companies. Understanding SOX compliance, as well as its requirements and controls, helps organizations create more robust governance processes.

Actionable Insights with SecurityScorecard Threat Intelligence Partners

Threat intelligence provides valuable insight into contextual business risk. You can gain insight into threat actors targeting your industry or information from your organization located on the Dark Web. According to one report, 79% of security professionals find threat data feeds essential to their organization’s cybersecurity posture. Additionally, 63% of respondents noted that they use feeds to ensure a better defense.

5 Key Cybersecurity Considerations for Insurance Companies

The connected nature of business environments has increased the severity and frequency of cyberattacks in the insurance sector. Insurance companies face a greater threat than most industries because they deal with sensitive and valuable data stemming from numerous avenues. This has resulted in several high-profile cyberattacks on insurance providers over the past few years.

What is Digital Risk Protection (DRP)?

Technology is always changing, and as it does, businesses are constantly adopting new technologies to streamline their business processes and improve deliveries of goods and services. With those new technologies, however, comes risk. Every new technology opens up a business to digital threats. Sometimes those threats come from the untested nature of leading-edge technology, and sometimes those threats are simply associated with the learning curve of users within an organization.

Taking the Pain Out of Vendor Risk Assessments

Supply chains are an essential part of today’s on-demand economy. However, they also expand your ecosystem, increasing the threat surface that you need to secure. While compliance assessments document vendor controls and enable you to manage third-party risk, responding to and completing them takes time. These delays can make your procurement team feel like you’re trying to disqualify their vendor.

Protect Your Retail Supply Chain Against Cyber Attacks

The consumer goods and retail industry stores customer data in various digital platforms across multiple third-party vendors. This environment is perfect for cybercriminals to look for weak points to gain access to valuable customer data. Oftentimes, cybersecurity teams are focused too much on securing their own organization from the outside. As hacker techniques become more widespread and sophisticated, organizations must be able to see not only their own security posture but also their third parties’ from the viewpoint of the hackers’. What do hackers see and where are the weak points?

What is Zero Trust Architecture? 9 Steps to Implementation

As more companies migrate to the cloud, the way that companies protect data changes as well. In a traditional on-premises network architecture, companies were able to follow the “trust but verify” philosophy. However, protecting cloud data needs to take the “never trust always verify” approach. Understanding what a Zero Trust Architecture is and how to implement one can help enhance security.

6 Strategies for Cybersecurity Risk Mitigation

This past year saw nearly a 300% increase in reported cybercrimes, according to the FBI’s Internet Crime Complaint Center (IC3). There has been a clear rise in threat volume and sophistication as many cybercriminals shift to techniques that can effectively evade detection and easily go after high-value targets. IoT devices are becoming a focus for threat actors, and threats related to credential harvesting and ransomware are also growing in number.

16 Countries with GDPR-like Data Privacy Laws

Coming into force on May 25th, 2018, the General Data Protection Regulation (GDPR) was a landmark for data protection. Trading blocs, governments, and privacy organizations took note, and over the last three years, GDPR has inspired new data privacy legislation worldwide.

How to Ensure Password Hygiene at Your Organization

In a SecureAuth survey, 62% of respondents claimed to use the same password across three to seven different accounts. It begs the question: If passwords play an integral role in cybersecurity performance, why are people so remiss when it comes to practicing good password hygiene? Practicing good password hygiene is a security measure that organizations must take to protect against cyber threats.

Speed Up Security and VRM Workflows with Zapier and SecurityScorecard

Security ratings are one out of the myriad of tools that security, IT, and vendor risk management teams rely on. In fact, we know that companies deploy an average of 47 different cybersecurity solutions and technologies; yet only 39% of security leaders believe that they are getting full value from their security investments. That’s why we built our Zapier app, enabling you to connect SecurityScorecard to over 3,000 apps and automate key workflows based on SecurityScorecard data.

Leading indicators for the leading indicators: SecurityScorecard & HackerOne

During this workshop, Mike Wilkes (CISO, SecurityScorecard) and Alex Rice (CTO and Co-Founder, HackerOne) discussed more advantages of combining VDPs, bug bounty programs, and continuous external cyber monitoring, including the impact it can have on reducing risk, preventing breaches, and vetting third parties. Watch the recorded workshop to learn.