Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2022

The Value of Cybersecurity Professional Services for Organizations

Cybersecurity is a trending topic among boards and executives. Yet, many organizations need more technical capabilities to prepare and respond effectively to cyber incidents and regulatory requirements. Let’s explore what cybersecurity professional services really are and how they can help take an organization’s security to the next level.

Top 9 Vendor Risk Management Software for Infosec Pros in 2023

No single organization can master all trades, which is why their success hinges heavily on their vendors. And if vendors are crucial for your business operations, it’s necessary to manage them as if your success depended on it–because it does. Yet, until recently (2016), only a third of companies knew how many vendors accessed their systems each week.

The 7 Most Significant Hacks of 2022

At SecurityScorecard, we like to look ahead and focus on the future. However, the past can also teach us some valuable lessons, particularly in cybersecurity. 2022 was quite an eventful year in the space, with many high-profile attacks, including full-blown cyber warfare. Out of all threats we saw this past year, a few stood out. This article will cover seven of the most dangerous cyber threats of 2022, in no particular order.

SecurityScorecard Empowers Customers to Maximize their Security Investments by Providing a One-Stop Shop with Dramatically Expanded Partner Marketplace

As demand for greater security visibility accelerates, SecurityScorecard Marketplace, the one-stop shop for trusted SecurityScorecard partner solutions, has gained significant momentum. In 2022, the Marketplace partner ecosystem expanded by 80% to now include more than 90 technology and integration partners, including OneTrust, Coupa, CSC, CrowdStrike, IBM, Splunk, and Snowflake.

Obrela Cybersecurity Predictions 2022

As 2021 draws to a close, it is safe to say the year has been a blockbuster for cybercrime. We have witnessed attacks on critical national infrastructure, which have impacted the supply of consumer commodities. We have seen law enforcement clamp down on cybercriminals, taking down some of the most ruthless operations that have wreaked havoc on organisations and consumers across the globe.

Breaches Happen; Stop Playing the Blaming Game

A classic cybersecurity storyline: there is executive tension over cybersecurity spending, the company gets breached, and a blame game between the CISO and their peers ensues, resulting in the termination of the CISO as a form of remediation. Reports indicate that only 27% of CISOs stay in their role at a company for three to five years.

How to Answer a Third-Party Security Assessment & Questionnaire

A third-party questionnaire is a list of questions that vendors complete to help organizations understand their vendors’ security posture, vulnerabilities, and compliance with industry standards (including, but not limited to SOC 2, ISO 27001, etc.). However, if this questionnaire is completed incorrectly, organizations can face a series of unknown third-party risks.

SecurityScorecard and Netskope Partner to Help Customers Reduce Risk with Their Mission Critical Cloud Applications

Cloud transformation and work from anywhere changed how security needs to work. Surveying done for the Verizon Mobile Security Index showed that 79% of IT and security professionals agree recent changes to working practices had adversely affected their organization’s Cybersecurity. One key reason modern working practices make security more challenging is each new SaaS application adopted by employees expands the attack surface and opens a new door for potential risks.

Introducing Third-Party Vulnerability Detection

Learn how Bitsight Third-Party Vulnerability Detection empowers third-party risk professionals to find and remediate threats - including major security events - more quickly within their vendor portfolio. Identify exposure and mitigate risk more easily with critical insights into the impact on your organization’s third parties.

BitSight for Fourth Party Risk Management

Learn how BitSight for Fourth-Party Risk Management, helps you uncover deep insights into the most crucial and concentrated risk in your extended vendor network so you can proactively manage and remediate risk. With our latest enhancements, you can address concentrated risk within your extended vendor network in a more scalable and efficient way.

Using a Ransomware Assessment to Identify Gaps & Risks

FSIs face a myriad of challenges, and the impact has resulted in a 1,318% increase in ransomware attacks in 2021. Given the increasing sophistication of these attacks, there is a growing need for FSI’s to understand their level of risk and to implement a proactive approach to defending themselves.

Understanding the U.S. State and Local Cybersecurity Grant Program

With over 90 thousand different state and local governments across the U.S., creating a unified approach to cybersecurity and defending all of these counties, cities, territories, states, and commonwealths is not only in each of their interests, but the national interest as well.

2022 End of Year Roundup

In recent times it has become clear to organizations that the handling of data is a very important matter, as the exposure or misuse of data are both a serious threat to an organization's financial standing and reputation, and must be accounted for in each organization's risk posture. In terms of high-profile data breaches, this year has been no different than previous years, seeing its fair share of ransomware attacks and data exposure.

Hackers Are Using These 3 Techniques to Bypass MFA

There’s no denying that multi-factor authentication (MFA) is an essential security measure that significantly improves an organization’s cyber posture. However, there is no silver bullet in cybersecurity. Though multi-factor authentication proves extremely helpful, determined and resourceful cybercriminals can still find techniques to bypass it. Let’s look at some frequently-used methods cyber-attackers leverage to bypass MFA.

Managing Risks with SASE, SSE, and Zero Trust

In the first part of this blog series, I took a look at how an understanding of digital strategy and digital risk is key to starting a security transformation journey. In this post, I am digging further into how a secure access service edge (SASE) architecture with security service edge (SSE) capabilities and zero trust principles can help mitigate the types of digital risk I outlined in part one.

New Feature: Custom Damage Types

Custom Damage Types provide users with the ability to add specific types of damages that will be taken into consideration as part of the modeling process when quantifying financial exposure. This means, organizations now have a unified view of costs that consider company specific data alongside out of the box modeled costs. Users will need to provide a range of possible costs and create a scenario that triggers assigned costs.

Cybersecurity Is the Most Prevalent ESG Issue We're Not Talking About

While the focus on Environmental, Social, and Governance (ESG) issues has gained traction in recent years, both within boardrooms and investment spaces, the focus on carbon credits and workforce diversity has diverted the existential crisis that companies face from cybersecurity. Just as carbon is the byproduct of the third industrial revolution, cybersecurity is the byproduct of the fourth industrial revolution that we continue to live through.

How to Extend Your Digital Transformation Efforts to Your GRC Program

Digital transformation is no longer a new concept – various business functions have already embraced cutting-edge technology to stay ahead of the curve. From IT, sales, and marketing to customer support and even finance, it is evident that most departments understand how integral the transformation is to gain a competitive advantage and continue to win customers. However, when it comes to Governance, Risk management, and Compliance (GRC), most are still stuck with archaic, ad-hoc processes.