Consolidate and Integrate Vendor Risk Data
Consolidate and Integrate Vendor Risk Data
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
SecurityScorecard
Optimize and Automate
SecurityScorecard Co-Founder and Chief Operating Officer Sam Kassoumeh shares Tip #1 from our ebook, 5 Ways to Secure Your Organization in Turbulent Times: Optimize and automate your business ecosystem risk management (aka your third-party risk management) program - to save time and reduce risk.Your security posture is never just your security posture. In this hyperconnected cloud ecosystem, it’s a combination of your own, your vendors’, their vendors’, and so on. Learn how the cyber health of your ecosystem can grow trust and integrity with your clientbase, and also maintain business continuity.
Key Cybersecurity KPIs to Report to the Board
As a CISO, you need to talk to your board members in their language. Here are 2 hacks to do that: Speak in terms of financial cyber risk quantification. Don’t tell them, “I deployed the Prolexic solution to mitigate DDoS attack on 121.1.2.3/24 network.” That won’t make an impact on them. Tell them, “I'm going to save potentially up to $5 million in an outage by spending $200,000 on a device to mitigate ransomware attacks.” Compare your organization with competitors.
Enable Faster Business Growth
Improving your organization’s cybersecurity posture increases trust with your clients and partners, and enables faster business growth. In times of economic uncertainty when budgets tighten, it’s critical to make that connection. In this video series, SecurityScorecard Co-Founder and Chief Operating Officer Sam Kassoumeh shares tips from our ebook, 5 Ways to Secure Your Organization in Turbulent Times, on how security teams can reduce risk by over 85% while ensuring that security investments deliver tangible value.
Measuring Cyber Hygiene
What you can’t measure, you can’t improve. In cybersecurity, nothing like this existed until SecurityScorecard came along. We introduced a set of objective KPIs that are trustworthy, accurate, and could be used to compare companies to each other. We do this by assembling hundreds of different signals across different categories of risk, such as application security, network security, endpoint security, leaked credentials, and shared records.
How to Build a Culture of Urgency
Darwin said it's not the strongest or the smartest that survive and thrive, but the quickest to adapt to change. Speed is everything if you want to run a company successfully. To do that, you need to build a culture of operating with urgency. That doesn’t mean you run frazzled or do a million things simultaneously. Nor does it mean being too flexible and nice when dependent teams tell you, “Go wait.”
What It Means to Be Customer-Obsessed
At Amazon, Jeff Bezos was famous for having an empty chair in the meeting room that represented the customer. I admire him for that because as the organization grows, it's easy to have meetings that are so focused on metrics, KPIs, internal execution, etc. that you lose sight of the customer. Here’s how we practice being customer-obsessed at SecurityScorecard: We make sure that we start every meeting by sharing customer insights, such as.
What are Tabletop Exercises? How They Can Improve Your Cyber Posture
According to the latest IBM Cost of a Data Breach Report, the average breach costs $4.35M per incident, climbing by 12.7% from 3.86 million USD in IBM’s 2020 report. This does not account for lost business opportunities and lingering reputational damage. A cybersecurity tabletop exercise could substantially reduce this amount simply by having a well-thought-out incident response plan and effectively exercising business continuity plans.
Security Insights on the Low-Code / No-Code Attack Vector
The August 4th compromise of Twilio via a targeted smishing attack has been a topic of wide concern and discussion on social media. My first thoughts on hearing of the attack were to virtually “pat myself down” with regard to exposure risk. Kind of like that feeling when you’re not sure if your car keys or wallet are in your pocket a few blocks after walking away from your parking space. Is my company affected by the breach? Did we receive a notification email from them?
TTPs Associated With a New Version of the BlackCat Ransomware
The BlackCat/ALPHV ransomware is a complex threat written in Rust that appeared in November 2021. In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor. Firstly, the attacker targeted an unpatched Microsoft Exchange server and successfully dropped webshells on the machine.