In today’s digitally-connected world, cyber risk is no longer a matter of probabilities, but certainties. This requires CISOs to rethink their reactive risk management program by evolving to embrace a proactive risk intelligence approach. With a risk intelligence-informed program, CISOs and their teams can continuously collect insights in a way that enables proactive, holistic, and data-driven decisions about security.

On May 5, 2022, the National Institutes of Standards and Technology (NIST) formally recognized outside-in third party security ratings and vendor risk assessment in their update to Special Publication 800-161. This update to federal standards specifically cites security ratings as a “foundational capability that "provide 14028." NIST SP 800-161 was designed to standardize supply chain risk management best practices for federal agencies and industry.

Third-party data breaches are one of the most concerning issues in cybersecurity today. You need your third parties to do business, but you can’t always trust (or verify) that their cybersecurity controls are as strong as they say, no matter how many questionnaires you send out. And of course, cybercriminals know that by hitting vendors rather than every single company separately, they can get the most ill-gotten gains for their effort.

Without a doubt, partnering with third parties has many advantages, including boosting the functionalities and performance of an organization. But despite the benefits, third parties also introduce a host of risks to an organization, potentially disrupting operations, affecting financial standing, and harming reputation. An understanding of third-party risk management regulations is essential in order to protect your organization from a security breach and maintain a positive security posture.

Instantly view your organization’s cybersecurity posture + continuously monitor and verify identity.

This blog is the latest in a series dedicated to Zhadnost, a Russia-aligned botnet first discovered by SecurityScorecard in March.

Cyber attacks on state and local governments continue to be on the rise. With more attacks targeting municipalities, there needs to be a push toward boosting cyber preparedness. Even though the risks remain at an all-time high for municipalities, the lack of budget and knowledge has caused officials to put cybersecurity on the back burner.

$132.94 billion. That’s the size of the cybersecurity market today. But despite the massive investment in money, time, and expertise, organizations have never been more at risk of an attack. What’s causing the disconnect? Despite all the effort to ensure security, there is an equally massive and growing effort to exploit vulnerable organizations.

New York DFS is working with SecurityScorecard to further support the department’s first-in-the-nation cybersecurity efforts to modernize its supervision process. The New York Department of Financial Services (DFS) is now working with SecurityScorecard to modernize its approach toward regulatory oversight.

Your organization’s attack surface can be a tricky thing to monitor. In our connected world, it seems like your attack surface is always expanding. That’s probably true. Attack surface expansion has exploded, driven by cloud adoption, the use of SaaS (software as a service) tools, and the fact that so many organizations have come to rely on third-party vendors.