Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2022

Robustness vs Resilience in Cybersecurity

Our cybersecurity architectures need to be resilient, not robust. Let’s understand with an example: Egyptian pyramids are robust. They have stood the test of time for 1000s of years. But they're not resilient. If you blow one up with dynamite, it will explode. On the other hand, a coral reef is resilient. If you break off a part of it, it regenerates itself. Similarly, in cybersecurity, we need to have the mindset of resilience, recovery, and recuperation.

Past as a Prologue: What Users can Expect with 2022 Cyber Threats

The cyber risk landscape changes quickly. In the last few years we’ve seen a rise in the number of ransomware attacks, and the end of 2021 was marked by the Log4J vulnerability. As data stacks get bigger and more difficult to defend, you may be wondering what threats are on the horizon in 2022. Based on what we’ve seen so far, the coming year’s risks are likely to be fairly familiar.

Common Mistakes Chief Security Officers Make

Here are 3 common mistakes chief security officers (CSO) make: Not prioritizing risks: Certain things might feel risky, but they’re not, while certain other things might feel safe, but they’re risky. Example: A turbulent flight feels dangerous but is often not, whereas passive smoking might feel safe but is highly risky. A good CSO can differentiate between what “feels” risky and actual risk. This allows them to prioritize and mitigate risks effectively. Not alternating between business and technical hats.

How Cybercriminals are Leveraging Weaponized AI for Cyber Attacks

In the world of cybersecurity, artificial intelligence (AI) has changed the way we discover, respond, and recover from cyberattacks. But despite the several advancements of AI in cybersecurity, cyberattacks are becoming more and more dangerous because of AI. Cybercriminals are now leveraging existing artificial intelligence tools and AI-based technologies for use in their own attacks, and as a result, cyber threats and attacks are becoming harder to prevent.

What is a Whaling Attack (Whaling Phishing)? Definition & Examples

According to the FBI Internet Crime 2020 Report, phishing scams were the most prominent attack in 2020 with 241,342 complaints reported and adjusted losses of $54 million. In particular, whaling (a highly targeted phishing attack) has been on the rise and is only expected to grow from here. A whaling attack targets high-profile executives with access to valuable information and systems. Let’s take a closer look at whaling attacks and how to stay protected.

The Best Way to Prevent Getting Hacked

Here are simple cyber hygiene practices to get ahead of 95% of companies: Hackers today have tools that can find 1000s of easy targets that have bad cyber hygiene with a single click. Here’s an analogy: Imagine you’re a burglar walking in a neighborhood, thinking which house to break-in. While all the houses look perfect, there is one that looks abandoned with broken doors, an unkempt lawn, and graffiti on the wall.

What Is Cyber Hygiene?

The hackers succeed because they know your attack surface better than you do. - Rob Joyce. For example, a lot of times, companies spin up a QA server and then forget about it, which then becomes an easy target for hackers to break into the company. Companies need to maintain a good cyber hygiene by taking care of the basics. An example of a bad cyber hygiene is a website that shows Copyright 2010 in 2022.

25 Common Types of Malware & How To Identify Them

Viruses, worms, ransomware — even the least tech-savvy among us know what these are, and want to avoid them if at all possible. What do they all have in common (besides the fact that they can lock up your devices and attempt to steal your data)? They all fall under the malware umbrella.

New York Department of Financial Services Identifies 2022 Cybersecurity Priorities and Current Trends

In a recent webinar, SecurityScorecard hosted Justin Herring, Executive Deputy Superintendent, Cybersecurity Division of the New York Department of Financial Services (DFS), and Luke Dembosky, Partner and Co-Chair of the Data Strategy & Security practice at Debevoise & Plimpton, to discuss DFS’s top cybersecurity priorities this year, current enforcement and to examine trends, and the regulatory environment around cybersecurity in 2022.

SecurityScorecard Joins the IT-SCC

I am excited to share that SecurityScorecard is now formally a member of the Information Technology Sector Coordinating Council (IT-SCC). Established in 2006, the IT SCC is the principal entity for coordinating with the government on a wide range of critical infrastructure protection activities and cybersecurity issues.

The Lightbulb Moment for SecurityScorecard

“Alex, I don’t think you are doing a good job,” said the chairman as I presented my progress. I was shocked. At that time, I was working as the Chief Security Officer at Gilt Groupe. He continued, “...because people aren’t complaining. If you were making enough changes, I’d hear more people complaining about you.” It was this ironic moment that gave birth to SecurityScorecard as I realized that companies have no KPIs to know how they’re doing on the cybersecurity front.

How to Manage Your Security in A Hybrid World: 15 Cybersecurity Tips & Best Practices

The hybrid workplace is here to stay. If the past couple of years have proved anything, it’s that many workers enjoy working remotely, or like the flexibility of working from home part-time. Organizations also appreciate the benefits of a hybrid workplace; according to Gartner, 48% of employees will likely work remotely at least part of the time after COVID-19, as opposed to the 30% of employees who did so before the pandemic.

How to Secure Personally Identifiable Information (PII)

PII, or Personally Identifiable Information, is any information that directly or indirectly identifies an individual, such as name, address, payment information, or contact information. The U.S. The Department of Homeland Security defines a second category of PII: Sensitive PII, which includes Social Security Numbers, driver’s license numbers, Alien Registration numbers, financial or medical records, biometrics, and criminal history.

3 Ways to take your Third- and Fourth-Party Risk Management to the Next Level with Automatic Vendor Detection

Vendors are a key part of every business and, therefore, every organization’s security. Yet, one of the biggest challenges for security and third-party risk management teams is tracking down their vendors. It’s no wonder that 65% of organizations don’t know which third parties have access to their most sensitive data. On top of that, vendor risk management teams need to worry about who their vendors’ vendors are – namely their fourth parties.

SecurityScorecard Acquires LIFARS; Empowers Orgs w/ View of Cyber Risk & Path to Cyber Resilience

Watch a video message from Aleksandr Yampolskiy, SecurityScorecard CEO & Co-Founder and Ondrej Krehel, LIFARS' CEO & Founder, about the customer benefits of this winning combination.

Life moves fast. Cyber threats move even faster.

Our world is changing rapidly. More than ever, organizations are reliant on digital technologies to do business. Cyber threats continue to evolve as adversaries seek to exploit digital connections for financial gain. Today, SecurityScorecard has announced the acquisition of LIFARS, a global leader in digital forensics, incident response, ransomware mitigation and cyber resiliency services.

6 Benefits of Effective Risk Management in Cybersecurity

Cyber attacks are major threats to organizations and industries across the board. And as technology advances, cybersecurity continues to be the focus that requires serious attention. However, many have weaknesses and gaps in their cybersecurity strategy. Common weaknesses can include the failure to identify and mitigate risks, as well as maintain compliance in the industry – leaving organizations more vulnerable to attacks.

365 Breaches Anticipated in 2021 and How Predictions Can Protect Your Firm in 2022

What would you do, if you could predict a data breach? In this webinar recording, Penguin, Sainsbury’s, Tesco, and others will show how they use SecurityScorecard to predict and prevent data breaches. They will explain how they engage with their subsidiaries and suppliers, showing you how hundreds of breaches have been predicted in 2021 and what that means for 2022.

What is a Botnet Attack? 5 Ways to Prevent It

A botnet is a cluster of machines that are infected with malware, enabling hackers to control them and unleash a string of attacks. Most commonly, botnets come in the form of distributed denial of service (DDoS) attacks, and recently the Microsoft Azure DDoS Protection team reported a 25% increase in these attacks when compared to the first half of 2021. Recent advances in technology have opened up a world of new opportunities for both consumers and businesses.