70% of the data breaches involve the negligence of a 3rd party. Let’s understand this with Target’s classic example. In 2013, they were using a contractor, Fazio, to do maintenance of their air conditioning systems. The hackers got into the Fazio systems and used it as a jumping pod to infiltrate and hack into Target’s infrastructure. Big companies like Audi and Volkswagen have also suffered such cyberattacks due to 3rd party negligence.

SecurityScorecard is the global leader in cybersecurity ratings, empowering you with trusted data and the confidence to make smarter and faster decisions. Security ratings give you an outside-in view of the cybersecurity posture of any organization in the world across ten key risk factor groups. Our Automatic Vendor Detection (AVD) instantly gives you a view of your entire third and fourth-party ecosystem, enabling you to visualize and take proactive steps to mitigate risk.

This video demonstrated the new capabilities of the Digital Footprint feature in Ratings.

Our cybersecurity architectures need to be resilient, not robust. Let’s understand with an example: Egyptian pyramids are robust. They have stood the test of time for 1000s of years. But they're not resilient. If you blow one up with dynamite, it will explode. On the other hand, a coral reef is resilient. If you break off a part of it, it regenerates itself. Similarly, in cybersecurity, we need to have the mindset of resilience, recovery, and recuperation.

Here are 3 common mistakes chief security officers (CSO) make: Not prioritizing risks: Certain things might feel risky, but they’re not, while certain other things might feel safe, but they’re risky. Example: A turbulent flight feels dangerous but is often not, whereas passive smoking might feel safe but is highly risky. A good CSO can differentiate between what “feels” risky and actual risk. This allows them to prioritize and mitigate risks effectively. Not alternating between business and technical hats.

Here are simple cyber hygiene practices to get ahead of 95% of companies: Hackers today have tools that can find 1000s of easy targets that have bad cyber hygiene with a single click. Here’s an analogy: Imagine you’re a burglar walking in a neighborhood, thinking which house to break-in. While all the houses look perfect, there is one that looks abandoned with broken doors, an unkempt lawn, and graffiti on the wall.

The hackers succeed because they know your attack surface better than you do. - Rob Joyce. For example, a lot of times, companies spin up a QA server and then forget about it, which then becomes an easy target for hackers to break into the company. Companies need to maintain a good cyber hygiene by taking care of the basics. An example of a bad cyber hygiene is a website that shows Copyright 2010 in 2022.

“Alex, I don’t think you are doing a good job,” said the chairman as I presented my progress. I was shocked. At that time, I was working as the Chief Security Officer at Gilt Groupe. He continued, “...because people aren’t complaining. If you were making enough changes, I’d hear more people complaining about you.” It was this ironic moment that gave birth to SecurityScorecard as I realized that companies have no KPIs to know how they’re doing on the cybersecurity front.

Watch a video message from Aleksandr Yampolskiy, SecurityScorecard CEO & Co-Founder and Ondrej Krehel, LIFARS' CEO & Founder, about the customer benefits of this winning combination.

What would you do, if you could predict a data breach? In this webinar recording, Penguin, Sainsbury’s, Tesco, and others will show how they use SecurityScorecard to predict and prevent data breaches. They will explain how they engage with their subsidiaries and suppliers, showing you how hundreds of breaches have been predicted in 2021 and what that means for 2022.