Nowadays, Wi-Fi networks are among the most commonly used networks, making them a go-to target for cyber attacks. An attacker with basic tools and knowledge can crack 70% of Wi-Fi networks.

During the course of 2022, SecurityScorecard has been tracking multiple DDoS campaigns that have been targeting entities within the Ukrainian government, as well as other European government targets that are perceived to be allied with Ukraine government interests. One of the groups at the forefront of these DDoS attacks is the hacking collective known as KillNet.

Nowadays, it’s common to hear about yet another high-profile security breach in which critical data is leaked, resulting in damage to the organization’s reputation and bottom line. Unfortunately, it's impossible to remove all risks in your organization but there are ways to best protect against them and improve your security posture.

In today’s digitally-connected world, cyber risk is no longer a matter of probabilities, but certainties. This requires CISOs to rethink their reactive risk management program by evolving to embrace a proactive risk intelligence approach. With a risk intelligence-informed program, CISOs and their teams can continuously collect insights in a way that enables proactive, holistic, and data-driven decisions about security.

On May 5, 2022, the National Institutes of Standards and Technology (NIST) formally recognized outside-in third party security ratings and vendor risk assessment in their update to Special Publication 800-161. This update to federal standards specifically cites security ratings as a “foundational capability that "provide 14028." NIST SP 800-161 was designed to standardize supply chain risk management best practices for federal agencies and industry.

Third-party data breaches are one of the most concerning issues in cybersecurity today. You need your third parties to do business, but you can’t always trust (or verify) that their cybersecurity controls are as strong as they say, no matter how many questionnaires you send out. And of course, cybercriminals know that by hitting vendors rather than every single company separately, they can get the most ill-gotten gains for their effort.

Why is it that the most impressive technologies are often the ones that go unnoticed? Sometimes what makes technology impressive is precisely that it goes unnoticed, and that is the case with the Rubrik Data Observability engine. As ransomware continues to grow as a real, costly, and persistent threat to conducting business, organizations are looking for smarter and faster ways to keep data safe and recover easily in the face of cyber attacks.

Without a doubt, partnering with third parties has many advantages, including boosting the functionalities and performance of an organization. But despite the benefits, third parties also introduce a host of risks to an organization, potentially disrupting operations, affecting financial standing, and harming reputation. An understanding of third-party risk management regulations is essential in order to protect your organization from a security breach and maintain a positive security posture.

Instantly view your organization’s cybersecurity posture + continuously monitor and verify identity.

This blog is the latest in a series dedicated to Zhadnost, a Russia-aligned botnet first discovered by SecurityScorecard in March.

Cyber attacks on state and local governments continue to be on the rise. With more attacks targeting municipalities, there needs to be a push toward boosting cyber preparedness. Even though the risks remain at an all-time high for municipalities, the lack of budget and knowledge has caused officials to put cybersecurity on the back burner.

NIST (National Institute of Standards and Technology) is a federal agency under the responsibility of the US Department of Commerce. Established in 1901 to promote innovation and industrial competitiveness in the US, NIST helps organizations advance measurement science, technology, and standards to improve the quality of life for citizens and enhance economic security.

$132.94 billion. That’s the size of the cybersecurity market today. But despite the massive investment in money, time, and expertise, organizations have never been more at risk of an attack. What’s causing the disconnect? Despite all the effort to ensure security, there is an equally massive and growing effort to exploit vulnerable organizations.

The UK’s public sector has now had three months to digest the first UK Government Cyber Security Strategy and start building it into their short and long-term plans. With the strategy specifically calling upon public sector organisations to lead by example, the clock is ticking for action to follow the guidelines.

New York DFS is working with SecurityScorecard to further support the department’s first-in-the-nation cybersecurity efforts to modernize its supervision process. The New York Department of Financial Services (DFS) is now working with SecurityScorecard to modernize its approach toward regulatory oversight.

COBIT is an acronym for Control Objectives for Information and Related Technologies. The COBIT framework was created by Information Systems Audit and Control Association, ISACA to bridge the crucial gap between technical issues, business risks and control requirements. COBIT is an IT governance framework for businesses that want to implement, monitor and improve their IT management best practices.

When protecting an organisation against cyber attacks, the words security threats, vulnerabilities, risk exposure, and sometimes exploits are seen very commonly. Unfortunately, these terms are not used correctly or interchangeably and are often left undefined.

Your organization’s attack surface can be a tricky thing to monitor. In our connected world, it seems like your attack surface is always expanding. That’s probably true. Attack surface expansion has exploded, driven by cloud adoption, the use of SaaS (software as a service) tools, and the fact that so many organizations have come to rely on third-party vendors.