You and your board have the same goal: to drive your organization in the right direction. That makes everything easy, right? Well, not always. Whereas the problem used to be an overall lack of security awareness, boards now are very much aware of the business risk less-than-robust cybersecurity poses. Today, it’s all about communicating effectively and fluently, especially when introducing cybersecurity solutions.

Effectively evaluating risk goes a long way toward improving an organization’s cybersecurity posture. The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA’s partnership with SecurityScorecard will enhance their members’ ability to evaluate their own risk and that of their entire business ecosystem.

On October 5, a cyber incident disrupted the availability of three state government websites. The Russian-speaking KillNet group claimed responsibility. As discussed in previous SecurityScorecard research, KillNet began as a financially-motivated operation offering a botnet for hire. It has since remodeled to a hacktivist collective, conducting a series of relatively low-sophistication DDoS attacks against targets linked to entities perceived to oppose the Russian invasion of Ukraine.

The U.S. Transportation Security Administration (TSA) recently issued new cybersecurity regulations for passenger and freight railroad carriers to enhance cybersecurity resilience with performance-based measures. This security directive includes a new requirement for railroad carriers to build continuous monitoring policies and procedures. This is the latest of several recent initiatives on the U.S. state and federal levels requiring continuous monitoring of cyber risk.

Can you imagine a world without software? No, neither can I. The same goes for many other technology-based products, such as cell phones. Software is everywhere and it’s critical to businesses of all sizes. In this article, we discuss the software supply chain risk management process needed to protect your business from risks in the software supply chain and how that affects product development speed in what seems like an ever-changing market landscape.

The banking and financial sector is known for its dependence on third-party vendors that help provide customers with quality financial products and services. It is one of the most interconnected sectors, making it one of the most vulnerable to cyberattacks. And because third parties operate through the banks they are contracted with, any losses are the bank's responsibility.

The finance industry has the second highest average data breach costs at US$5.97 million per breach, according to IBM and Ponemon Institute’s 2022 Cost of a Data Breach report. While strict regulations force finance companies to invest heavily in protecting customer data, their third-party vendors don’t necessarily do the same. Finance security teams need a proactive approach to third-party risk management. Visibility into your vendor’s attack surface is critical.

Seeking to stay ahead of hackers, many researchers have asked themselves what drives cyber risk. And many cyber insurance carriers have wondered how to accurately underwrite and price the risk. According to preliminary results from SecurityScorecard’s joint work with our cyber insurance partners, the answer is clear but multi-faceted.

From nation-state threat actors to cybercriminals, today’s businesses face many cybersecurity threats. At the same time, organizations struggle to maintain a strong security posture because they have not yet shifted to a holistic approach to risk – one that combines a 360º view of the attack surface with the ability to communicate risk meaningfully and respond effectively.

Because information security has become increasingly important and businesses are heavily relying on worldwide connectivity, Cyber VRM solutions are necessary to protect against emerging cyber threats and secure data effectively. However, managing vendors, in addition to their cyber risks, can be a challenging and time-consuming effort that requires more efficient solutions.

Using best practices for cyber vendor risk management (Cyber VRM), organizations can identify, assess, and remediate their third-party vendor risks specifically related to cybersecurity. Organizations can utilize information attained from security ratings, data leak detection, and security questionnaires to evaluate their third-party security postures using dedicated Cyber VRM solutions.

The government of a U.S. county announced on September 11 that a recent cyber incident had disrupted its online services. Subsequent coverage of the event has noted that it strongly resembles a ransomware attack. The disruption comes against a backdrop of frequent ransomware activity targeting state and local governments and the education sector.

Spoiler alert: The answer is yes. But not in the way you might expect. Unless you live in an enchanted land where mermaids feed you healthy beer for breakfast, your security budget has probably shrunk recently. The good news is that this can be good news because determining with ruthless clarity the effectiveness (or ineffectiveness) of your cybersecurity program will help you take deliberate steps to improve it with an efficient spend.

When you choose to work with a third party, there's always the risk that they will cause your business harm. The right tools can help you make better-informed decisions about the vendors you choose and spot problems before they occur. Third-party vendors are an important part of any business, but it's important for employers to understand what the risks are when working with these partners.

As cybercriminals discover new ways to expand the threat landscape, cyber security professionals need to be able to predict their next move and stay ahead of evolving cyber threats. But in order to do so, businesses must be aware of their vulnerabilities, have a clear view of their cybersecurity posture, and have an understanding of their associated risks.

IT risk management and cybersecurity are two essential practices that define the effectiveness and security structure of modern organizations. IT risk management is the process of managing and mitigating risks via careful planning, specialized systems, guidelines, policies, and decisions across various sectors, not just cybersecurity. With IT risk management, the IT staff is focused entirely on IT risk mitigation.

In late August, a technology provider that offers student loan account management and payment services submitted a breach notice indicating that a compromise detected on July 22 exposed 2.5 million individuals’ data, including their names, contact information, and social security numbers. At present, neither the breach notice nor subsequent reporting have provided detailed insights into the nature of the breach, noting only that it likely began in June and continued until July 22.

We’re excited to announce a new way to monitor all of the companies you care about, but maybe don’t need all the granular security data on. Watch List lets you monitor the high-level score information of companies you care about without consuming a more detailed Portfolio slot.

Chief Information Security Officers know all about the “Sea of troubles,” and they experience “slings and arrows” daily. In mid-September, we saw a breach of Uber that threatened to undo the company’s security program - for exposing a fairly easy path to super admin privileges across most (if not all) of its infrastructure and security tools like GSuite, AWS, and HackerOne private vulnerability reports. The stakes are high.

As a CIO in charge of your organization's security, you're responsible for ensuring the security of your company's data. But with so many cybersecurity threats out there, it can be difficult to know where to start. Should you focus on conducting a vulnerability assessment? Or is a risk assessment more important? In this article, we will discuss vulnerability vs risk, cyber threats, and protecting sensitive data.