In July of this year, the Office of the National Cyber Director (ONCD) stated in its release of an RFI on regulatory harmonization that: “When cybersecurity regulations of the same underlying technology are inconsistent or contradictory—or where they are duplicative but enforced differently by different regulators … consumers pay more, and our national security suffers.” This is an understatement. SecurityScorecard agrees and was happy to share our comments with ONCD today.

In cybersecurity, the terms “trust” and “transparency” are often mentioned. And while they should no doubt be a priority, they can also be difficult to quantify. Good CISOs recognize that transparency in cybersecurity isn’t a one-time effort. It’s a continuous process that involves a near-constant state of evolution. But with the right tools and systems in place, it’s possible to not only measure trust and transparency but improve them as well.

CISOs and security leaders are constantly being reminded that cyber risk is now a business risk. And at the same time, organizations are realizing the financial implications of not having cyber expertise on their boards.

Cloud platforms offer unparalleled scalability, flexibility, and cost-efficiency. However, the convenience and advantages of the cloud are accompanied by significant security challenges. Hackers are constantly trying to exploit weak cloud configuration settings, which is why it’s important to have visibility into the security of your organization’s cloud infrastructure.

Cybercrime is on the rise. By 2025, the cost of cybercrime around the world is estimated to escalate to $10.5 trillion, based on a year-over-year increase of 15%. This number represents the potential for the largest transfer of economic wealth in history and exceeds even the total global profits from the illegal drug trade.

The traditional enterprise risk model is a thing of the past. Cybersecurity risk cascades into almost every part of an organization, triggering legal fallout, technology risk, compliance issues, and more. Bottom line, third-party cyber risk is a material business risk. A recent report found that 80% of organizations experienced at least one data breach caused by a third party last year.

SecurityScorecard is proud to announce that it has achieved the Ready Designation under the Federal Risk and Authorization Management Program (FedRAMP). This designation demonstrates SecurityScorecard’s commitment to the rigorous security standards required by the U.S. government for cloud service providers, and it will enable the company to meet growing demand from U.S. federal agencies for its Third-Party Cyber Risk Management Platform. U.S.

In late August, Microsoft published its analysis of espionage activity tied to a new threat actor group called Flax Typhoon, which is believed to operate on behalf of the People’s Republic of China (PRC). The group mainly targets Taiwanese critical infrastructure, including: government, education, manufacturing, and information technology sectors.

With the average cost of a data breach now at $4.35 million, it’s time for organizations to take proactive measures to protect themselves against cyber threats. By conducting thorough security testing, organizations can gain a deeper understanding of their security posture and make informed decisions about where to allocate their resources to improve their overall cybersecurity readiness.

Last week, I had the opportunity to moderate a panel at the NACD Summit, where I was joined by: Deven Sharma, Former President at S&P; John Katko, Former Member of U.S. House of Representatives; and Aaron Hughes, CISO at Albertsons. The National Association of Corporate Directors (NACD) holds its summit annually to empower directors and transform boards to be future ready. Our panel discussion focused on how board members can strategically oversee their organizations’ cybersecurity resilience.

Zero-days are out there. Lurking just under the surface, waiting for the right moment to strike. A security team can do everything right and still experience a zero-day attack in its supply chain. And with innumerable configurations, devices, and platforms that can be exploited, zero-day exploits are becoming more common than ever.

In a world where AI is everywhere, cybersecurity regulations are on the rise, and cyber insurance is booming, we need standardized metrics for cybersecurity. Remember, you can’t manage what you can’t measure. A recent report by SecurityScorecard and the Cyentia Institute discovered a startling fact: 98% of organizations have a third party with a breach in the last two years. In cybersecurity, metrics matter; knowing how to communicate and report on metrics is essential.

Staying ahead of cyberattacks and strengthening your organization’s defenses doesn’t happen overnight and can be hard to accomplish without the right tools and cyber strategies. SecurityScorecard’s Threat Intelligence team hosted a webinar that highlights the importance of threat exposure management, its latest trends, and how to implement this framework into an organization’s cybersecurity plan.

The world around us is often a reflection of who we are and what we value. The same can be said for businesses. It’s no longer enough to be resilient, trustworthy, and secure your own organization; the companies you do business with need to meet these same standards.

October is Cybersecurity Awareness Month, a dedicated month for the public and private sectors to work together to raise awareness about the importance of cybersecurity. And this year’s theme, “Secure Our World,” couldn’t be more timely. With the growing number of cyberattacks worldwide, it’s becoming increasingly apparent that critical infrastructure is at risk.

In the world of cybersecurity, zero-day vulnerabilities, zero-day attacks, and zero-day exploits keep many CISOs up at night. These terms, often shrouded in mystery and intrigue, denote a significant risk to digital systems and the sensitive data they hold. Understanding the intricacies of zero-day vulnerabilities and the exploits that leverage them is crucial for individuals, organizations, and governments seeking to fortify their defenses against cyber threats.

Last week in New York, I had the opportunity to attend a panel discussion hosted by SINET and moderated by Upendra Mardikar, the Chief Information Security Officer of TIAA. We discussed everything from security in DevOps, to AI’s pros and cons, and cybersecurity’s future. As long as the attack surface, API usage, and digital footprints increase, so will cyber risk.

Due to the increasing frequency and impact of cybersecurity threats, vulnerability management has become a heightened priority for many organizations. While businesses often focus on vulnerability assessments when developing their vulnerability management programs, assessments are only the first step in a holistic cybersecurity threat mitigation strategy. One aspect of vulnerability management that is often overlooked is vulnerability remediation.

Financial entities throughout the European Union are preparing for the Digital Operational Resilience Act (DORA), a new piece of legislation to strengthen the digital resilience of credit institutions, investment firms, insurers, and more. DORA focuses on breach prevention and cyber resilience, meaning financial institutions must prioritize both protecting their attack surface and incident response planning.

Critical Security Controls are a set of cybersecurity principles and actions that list defense tactics and best practices to mitigate against popular cyber-attack methods. But what makes them so valuable is that the framework prioritizes a small number of actions that all work to significantly reduce cybersecurity risk across your network. Keep reading to learn more about CIS controls, as well as which controls are essential for successful cyber defense.

General Data Protection Regulation (GDPR) is a framework for data protection that gives strict obligations for organizations within the European Union. For many businesses, understanding and implementing GDPR vendor management is a daunting task. That’s why we are going to break down what GDPR vendor management is, who is involved in it, and what the requirements are.