Product News

Find out about our new product features, the latest platform changes, and discover company announcements before anyone else.

Risk Management

Stay up to date on third-party risk management best practices and techniques, and learn about new regulations for third party risk.

Security Research

Keep up with research around the biggest data breaches, malware infections, IoT risks and all the latest news in cybersecurity.


How New Technology is Bringing Risk to the Healthcare Industry

How New Technology is Bringing Risk to the Healthcare Industry

  The Internet of Things (IoT) is increasingly becoming a popular topic of choice in the cybersecurity industry and for unfortunate reasons. In short, the Internet of Things is the name applied to a wide variety of devices that connect to the internet. These can be routers, cameras, smart light bulbs, and medical devices. Unfortunately, … Continued

Read More
How IoT Is Responsible for the Massive DDoS Attack

How IoT Is Responsible for the Massive DDoS Attack

On Friday morning, October 21st, East Coast internet users found themselves unable to access major websites such as Spotify, Twitter, Netflix, and Reddit, among others. Reports quickly came out detailing that the reason for the internet outage was due to a massive DDoS attack leveraged against Dyn, an internet infrastructure company that provides DNS services … Continued

Read More
3 Security Approaches CISOs Must Embrace To Mitigate Third Party Risk

3 Security Approaches CISOs Must Embrace To Mitigate Third Party Risk

  Guest post by Sam Kassoumeh, COO and co-founder of SecurityScorecard. A seasoned cybersecurity professional, he has been the Head of Security and Compliance at Gilt and led Global Security at Federal-Mogul. Sam has over 10 years of experience leading security teams. In this guest blog post, Sam offers a critical perspective of how CISOs … Continued

Read More
Information Security and The Rio Games: Was Brazil Ready?

Information Security and The Rio Games: Was Brazil Ready?

  On Friday August 5th, the Rio Olympics kicked off and millions of eyes eagerly anticipated the start of the games. In the eyes of information security, a tentative breath was held to see if a major security incident would affect the opening ceremony or any subsequent events. Large sporting events are increasingly becoming an … Continued

Read More
What Brexit Means for The Cybersecurity Industry

What Brexit Means for The Cybersecurity Industry

  In late June, the United Kingdom (UK) held a referendum on whether or not the UK would continue to be a member of the European Union (EU). The UK voted to leave the EU, a decision dubbed as the ‘Brexit.’ The initial consequence of the Brexit looked grim and despite some recovery, the fallout … Continued

Read More
How Big is the End-Of-Life Cybersecurity Problem? [INFOGRAPHIC]

How Big is the End-Of-Life Cybersecurity Problem? [INFOGRAPHIC]

  End-of-Service or End-Of-Life (EOL), is a term applied to hardware or software when a manufacturer stops supporting it with any updates. This can be very problematic since any vulnerabilities that are found (and can subsequently be exploited by hackers) will never be patched. This can cause widespread damage if a software, such as an operating … Continued

Read More
Announcing the Security Roundup Newsletter

Announcing the Security Roundup Newsletter

Introducing the Security Roundup Newsletter. The Security Roundup is our weekly curated newsletter made up of the most interesting and important developments in the cybersecurity space. Our Director of Architecture, Sean Smith, provides his research and analysis on content scoured across the web, ranging from new developments on a strain of ransomware, how Google is … Continued

Read More
How Big Is the U.S. Government Cybersecurity Problem?

How Big Is the U.S. Government Cybersecurity Problem?

A look at recent data breaches and how the government is reacting. It seems like the US government is more and more often falling prey to hackers, whether it’s from nation-sponsored organizations or independent organizations. Two government data breaches made the list of Network World’s list of ‘Biggest data breaches of 2015’ citing an IRS … Continued

Read More
Why A Holistic View Is Key To Accurate Security Ratings

Why A Holistic View Is Key To Accurate Security Ratings

SecurityScorecard’s co-founders, former CISOs, were struggling with the fact that they were able to understand their own security posture but didn’t have that same confidence when it came to determining an accurate security rating for their partners and vendors. They created SecurityScorecard to fill the gap in the market. The use of third-party cloud-based companies … Continued

Read More
The Healthcare Industry Currently Faces A Growing Cyber Security Crisis

The Healthcare Industry Currently Faces A Growing Cyber Security Crisis

  Hospitals are where you go to get healthy, but they are increasingly becoming playgrounds for hackers, owing to weak cyber security measures. A couple of weeks ago, networks of the Hollywood Presbyterian Medical Center, a California-based hospital, were held hostage, reportedly to the tune of 9,000 bitcoin or over $3.6 million. This isn’t a … Continued

Read More
A Security Analysis of ​the VTech Data Exposure

A Security Analysis of ​the VTech Data Exposure

Hacker Goes Directly to Media to Expose VTech Security Issues The Hong Kong-based toy company, VTech, recently experienced a data breach that exposed the customer data of 6.2 million children and 4.9 million adults across 13 different countries, with the bulk from the U.S.. VTech has a number of electronic toys, some which are using … Continued

Read More
Hilton and Starwood Data Breaches Spotlight Retail Malware

Hilton and Starwood Data Breaches Spotlight Retail Malware

Point of Sale Malware at Retail Stores Inside Hilton & Starwood Hotels The last few weeks have seen several major hotel chains including Starwood Hotels and Hilton Hotels report data breaches targeting the credit card data used at retail outlets inside the hotels. In both cases, Point of Sale (PoS) malware was the attack culprit. … Continued

Read More
An Analysis of the Pearson VUE Data Breach

An Analysis of the Pearson VUE Data Breach

Cisco Shuts Down Cert Tracker After Pearson Breach A third party technology examination company, Pearson VUE, was recently a victim of a malware attack that has exposed personal user data and passwords, according to Network Computing. Pearson VUE is one of the largest handlers of technology exams for companies and organizations that test individuals for … Continued

Read More
The Holiday Shopping Season's Retail Security Reality

The Holiday Shopping Season’s Retail Security Reality

Ranking Retail Security: Web Applications & Legacy Systems Are Weak Black Friday and Cyber Monday are almost here. Earlier this week, we released our 2015 Retail & eCommerce Security Report that examines a variety of security risk trends and problem areas within the top and bottom 10% of retail companies which represent roughly 200 retail … Continued

Read More
Tips for Vetting the Security of Cloud Service Providers

Tips for Vetting the Security of Cloud Service Providers

How to Vet Cloud Vendors and Make Sure CSPs Are Used Securely A modern enterprise uses the cloud and cloud service providers (CSP), period. Your employees might use DropBox or OneDrive to access work data remotely. You might communicate with your vendors mostly through a portal that accepts invoices and generates work orders. At the top … Continued

Read More
New Research Calls Out Today's Vendor Risk Challenges

New Research Calls Out Today’s Vendor Risk Challenges

New ESG Report: “Intelligence-driven Vendor and Supplier Security Risk Management” A recent study conducted by Enterprise Strategy Group (ESG), an IT research and strategy firm based in Milford, MA, looks at the issue of third party supplier and partner security in depth. The new report discusses approaches to today’s vendor risk management challenges and emerging technology solutions … Continued

Read More
SecurityScorecard Honored to Be a Part of the SINET 16 Showcase

SecurityScorecard Honored to Be a Part of the SINET 16 Showcase

SecurityScorecard Wins Coveted Innovation Award SecurityScorecard was recently named a top 16 winner from SINET, the Security Innovation Network. SINET chose SecurityScorecard as one of the winners out of over a hundred security companies. SecurityScorecard is one of the youngest companies on the winning roster. Our CEO and Co-founder, Dr. Aleksandr Yampolskiy, is presenting today … Continued

Read More
How Shadow IT Complicates Vendor Risk Management

How Shadow IT Complicates Vendor Risk Management

Third Party Dangers in Shadow IT The shadow information technology (IT) services provided by unknown third-party vendors introduce multiple risks. Any time data is moved to a vendor or accessed outside the corporate network by a third- or fourth-party, the risk of loss increases. Companies have, in one sense, lost control of IT. A Forbes article reported … Continued

Read More
Third Parties a Major Culprit in Healthcare Breaches

Third Parties a Major Culprit in Healthcare Breaches

Healthcare Breaches Cannot Be Ignored There have been two notable healthcare breaches in the last month: Upstate New York healthcare provider, Excellus Blue Cross Blue Shield, recently reported over 10 million patients’ records were breached. Systema Software, a Larskpur, California-based third party claims software provider, had data of 1.5 million customer claims data exposed on … Continued

Read More
Use Vendor Risk Management Templates to Establish a Baseline

Use Vendor Risk Management Templates to Establish a Baseline

Level the Vendor Risk Playing Field With Templates Two facts have radically transformed vendor risk management and the need for template use in just the past few years:   There’s increased awareness that vendors are often the weak links that allow data breaches to occur; Federal regulators are increasingly vocal about the need for aggressive … Continued

Read More