One of the most common misconceptions about cybersecurity is that the responsibility and ownership sits solely on the shoulders of the CISO and the security team. Common assumptions are anything related to cybersecurity, a security issue or security initiative resides with the security team and the Chief Information Security Officer (CISO). Phishing attacks? That’s a problem for the security department. Vetting vendors and third parties? That belongs to the vendor management team.

Digital transformation changes the perimeter. When organizations had all their applications on-premises, the network firewall kept the right users inside the gate and malicious actors outside. However, the move to the cloud changed all that. In today’s hyper-connected ecosystem, understanding the components and types of access control can help you strengthen security.

Many businesses are shifting workloads to the cloud in an effort to increase efficiency and streamline workloads. In fact, according to the Flexera 2021 State of the Cloud Report, roughly 90% of enterprises anticipate cloud usage will expand even further as a result of COVID-19. While cloud computing can offer organizations a competitive advantage, it is important not to rush into cloud adoptions without understanding the risks involved as well.

SecurityScorecard’s Investigations & Analysis team conducted an investigation into the details surrounding the USAID.gov attack. As has been previously reported, the attack has been potentially attributed to the organization commonly known as Cozy Bear, but our investigation found that the campaign is likely much larger, and began much earlier than has been reported.

The data privacy regimes in Russia, China, and the United States are very different from the regimes elsewhere. The financial lure of selling to, or processing data on, EU residents is strong, which has led other countries to adopt the General Data Protection Regulation (GDPR) or something like it. Russia, China, and the United States are large enough for other forces to dominate, including the desire to have their citizens’ data stored locally, as we’ll see.

One of the key reasons SecurityScorecard commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) Study was to help the market move on from using spreadsheets as a Vendor Risk Management (VRM) tool. The primary reason for IT teams to look at SecurityScorecard or any other VRM automation platform is simple. IT (Information Technology) will help IT teams get better leverage on their two rarest commodities in the security world, time and talent.

Cybersecurity is more than “just” technology these days. With legislative bodies increasingly writing more laws, technology and legal terminologies have become more intertwined than ever before. As organizations build cyber risk strategies, they need to understand risk mitigation’s underlying goal. This is why understanding the difference between due care and due diligence is important to how you set your risk mitigation strategies.

The old saying “it takes a village” applies to many things in life, including securing your organization. Security is a team sport that requires a variety of solutions and providers — such as a firewall, endpoint protection, security information and event management (SIEM), threat intelligence provider, IT service management (ITSM), governance, risk, and compliance solution (GRC), and cloud access security broker (CASB) — to name a few.

Cybersecurity can seem intimidating, especially when you’re not already familiar with security and IT. There are so many threats and a lot of terms you need to know in order to understand the countermeasures that can help keep your data safe from attackers. What is an attack surface, after all? And what’s a rootkit? Non-technical employees and decision-makers might find their eyes glazing over when cybersecurity terms start getting thrown around.

SecurityScorecard also found that 1 in 5 of the world’s food processing, production, and distribution companies rated have a known vulnerability in their exposed Internet assets