More than two years after the major U.S. pipeline ransomware incident, the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has released a new report revealing that 90% of the largest global energy companies have experienced a third-party breach in the past 12 months. This research highlights the uphill battle faced by the energy industry in combating emerging threats across the supply chain.

The risk of data breaches has become an omnipresent concern for businesses and organizations. And as technology continues to evolve, so do the tactics of cybercriminals. One critical aspect of cybersecurity strategy involves preparing for and responding to third-party data breaches. A well-constructed response playbook is indispensable in mitigating the potential damages and ensuring a swift recovery.

On November 25, the U.S. municipal water authority in Aliquippa, Pennsylvania confirmed that one of its booster stations had suffered an attack by a threat actor group that supports Iranian geopolitical interests. The attack by a cyber group known as CyberAv3ngers compromised a programmable logic controller (PLC) for a water pressure monitoring and regulation system. Officials, however, have made it clear that the incident did not threaten local drinking water or water supplies.

In today’s interconnected business environment, third-party partnerships are essential for growth and operational efficiency. However, these collaborations bring inherent risks, especially in the realm of cybersecurity. Effective third-party risk management is crucial for safeguarding sensitive data and maintaining business continuity.

In an era where businesses are increasingly reliant on third-party vendors for essential services, the significance of a resilient third-party risk management program cannot be overstated. Third-party partnerships can expose organizations to various risks, especially in the domain of cybersecurity. This guide aims to help businesses in building a robust third-party risk management program that is adaptable to the ever-evolving landscape of cyber threats and dynamic business needs.

The landscape of cybersecurity is ever-evolving, and staying one step ahead of cyber threats has become imperative for organizations. Traditionally, many businesses have adopted a reactive approach to cybersecurity, responding to threats and breaches as they occur. However, this approach is no longer sufficient in today’s digital world. Shifting to a proactive stance, powered by threat intelligence, is crucial for enhancing an organization’s security posture.

In the rapidly evolving digital landscape, the approach to cybersecurity has shifted significantly. Proactive cybersecurity has become a necessity rather than a choice, with threat intelligence playing a pivotal role in this paradigm shift. This post explores how threat intelligence forms the cornerstone of a proactive cybersecurity strategy, focusing on its role in predicting and preventing cyber attacks, thereby enhancing an organization’s security posture.

On November 20, the Idaho National Laboratory (INL) confirmed that it had suffered a data breach. The confirmation followed the SiegedSec threat actor group’s circulation of claims that it had “accessed hundreds of thousands of user, employee and citizen data” on social media and hacking forums.

The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has conducted further research into the indicators of compromise (IoCs) that SysAid shared when disclosing a new vulnerability in its on-premise software last month.

In the rapidly evolving digital landscape, the importance of a well-constructed cybersecurity plan cannot be overstated. However, the effectiveness of any cybersecurity strategy significantly depends on how well it integrates threat intelligence. Threat intelligence involves understanding, analyzing, and using knowledge about existing and potential cyber threats to make informed security decisions.