New SecurityScorecard Research Can Help You Detect a Data Breach Before It Happens

As a security company, we’re committed to empowering security professionals with the knowledge and technology necessary to maintain their organization’s security and ensure that they can keep up with the always-evolving threat landscape. We’re happy to announce new predictive research that organizations can use to better secure their networks and react to any changes in … Continued

Why Employees Are Your Most Vulnerable Asset: Social Engineering Explained

Verizon’s 2016 Data Breach Investigations Report marked Social Engineering attacks as the 3rd highest threat action, behind hacking and malware. Those attacks have been rising over the years due to the relative ease of execution and lack of technical knowledge needed. Social Engineering, unlike common hacking methods such as brute-forcing, cross-site scripting, or keylogging, … Continued

Information Security and The Rio Games: Was Brazil Ready?

On Friday August 5th, the Rio Olympics kicked off and millions of eyes eagerly anticipated the start of the games. In the eyes of information security, a tentative breath was held to see if a major security incident would affect the opening ceremony or any subsequent events. Large sporting events are increasingly becoming an … Continued

A Security Analysis of the VTech Data Exposure

Hacker Goes Directly to Media to Expose VTech Security Issues The Hong Kong-based toy company, VTech, recently experienced a data breach that exposed the customer data of 6.2 million children and 4.9 million adults across 13 different countries, with the bulk from the U.S. VTech has a number of electronic toys, some of which are using … Continued

Hilton and Starwood Data Breaches Spotlight Retail Malware

Point of Sale Malware at Retail Stores Inside Hilton & Starwood Hotels The last few weeks have seen several major hotel chains including Starwood Hotels and Hilton Hotels report data breaches targeting the credit card data used at retail outlets inside the hotels. In both cases, Point of Sale (PoS) malware was the attack culprit. … Continued

A Closer Look at Experian’s Scorecard

T-Mobile & Experian: The Fallout From Big Brand Breaches Update: Class-action lawsuits for Experian are increasing, according to The Hill. Experian, who released half-year financials yesterday, was quoted as saying: “It is currently not possible to predict the scope and effect on the Group of these various regulatory and government investigations and legal actions, including their timing … Continued

The 10 Best & Worst College & University Security Rankings

A University Security Audit for 2015 Data breaches and data theft at colleges and universities are a very common occurrence. From the 80,000 students recently affected at California State colleges to the 29 employee records hacked at the University of Calgary last week in Canada, higher education is a frequently targeted playground for security attacks. This week, Rutgers University … Continued

Addressing The Vendor Risk Management Dilemma

It has happened in retail, in hotels, in healthcare, and in many other verticals with many suppliers or partners. Exactly how has vendor risk management missed the mark so often? It has become an old story. A large company’s network is gravely breached and, after weeks of investigation, a finger is pointed at a minor … Continued

The Vendor Risk Checklist You Need Before Signing a Contract

Validate Vendor Risk Management with a Security Checklist We’ve compiled a checklist of items that your company can use to protect its infrastructure whenever it starts working with a new vendor, as part of routine vendor risk management processes. A vendor’s systems can be a threat to you when both parties’ systems are connected together. This … Continued

The Security of Mobile Apps Starts and Ends With Developers

Third Party Development Adds to the App Security Dilemma According to a story from Business Insider, mobile device users spend 86 percent of their time using mobile apps, as opposed to the mobile web. Businesses cite the rapid adoption of apps as a way to cut costs and increase productivity, but apps suffer from insecure … Continued

Security DNA Is the Foundation of SecurityScorecard

SecurityScorecard Expands Security Talent with New Hire Today, we announced the appointment of Steve Thomas as Director of Sales Engineering and Business Development. In this new position, Thomas will be responsible for applying his extensive technical security engineering background to help the company provide exceptional customer support services. Prior to joining SecurityScorecard, Thomas served as … Continued

The Problem With Corporate Email Addresses on Social Networks

SecurityScorecard Finds Grainger Susceptible to Social Engineering In a July 14 press release, the B2B industrial distributor, W.W. Grainger reported that it had experienced a security attack. The company stated in this press release that there was “no evidence there is any impact to customers, suppliers or employees because there is no indication that information … Continued

[Case Study] How To Operationalize Third Party Risk Management

Harry’s Automates Vendor Risk Management Harry’s, an online retailer, was looking to solve the paradoxical challenge of having accurate, precise security information about partners, vendors, and suppliers whose networks they cannot access. Organizations such as Harry’s cannot directly log in and access a partner’s network to readily view the security posture of that third party’s … Continued

U.S. Military Manufacturer Experiences Data Breach

Over 3,700 Customers’ PII and Credit Card Information Breached Durham, North Carolina-based LC Industries has recently reported a security data breach, according to SC Magazine. The breach, which occurred in early June, affects a total of 3,754 customers, and affected 22 specific customers in New Hampshire, hence a public notification to the Department of Justice in the … Continued

Major Travel Brand Shines Spotlight on Weak Partner Security Issues

Phishing Scam on Expedia Customers Underscores Third Party Breach Issues Update: Trump Hotels is the latest carding victim, reports security journalist Brian Krebs. Krebs outlines how Trump is one victim in a string of hotel, restaurant, and other retail establishments being targeted in 2015. Another week, another big brand’s customers are targeted through a third party. The … Continued

Banking Malware Trends Q1/Q2

SecurityScorecard Releases First Major Research Report for 2015 Update: Although a major portion of Dridex has been taken down recently by the FBI, researchers are reminding organizations that there is an underground economy for botnets that offer this level of stealth. There is little doubt that Dridex, and new versions of it, are being circulated. “Think … Continued

SecurityScorecard CRO Talks LastPass Hack in Business Insider

We Monitor Hacker Chatter in Our Platform Our Chief of Research, Alex Heid, was interviewed yesterday by Business Insider on the LastPass breach that the company announced earlier in the week. Heid told the business website that there is evidence that LastPass had been probed by a hacker over two years ago in September of 2013. … Continued

Healthcare Breach Shines Spotlight on Third Party Security Risks

6 Reported Medical Centers, Hospitals in Indiana Have Patient Records Breached Update: According to the Department of Health and Human Services, this third party data breach from Medical Informatics Engineering and NoMoreClipboard has now affected a whopping total of 3.9 million individuals, making it the fourth largest breach in 2015, according to Data Breach Today. … Continued

The Current State of UK Bank Security

SecurityScorecard Digs into the Grades of UK Banks A Freedom of Information request in the UK has revealed 791 data breaches occurred at most of the region’s major banks since the start of 2013 (with 585 of the incidents occurring in 2014). The FOI request was spawned by Egress Software Technologies, an email encryption provider, that recently reported … Continued

UPDATE: Feds Breached Again, Lose 21.5 Million Records

SecurityScorecard Finds Federal Department Had Poor Security Hygiene, Especially in IP Reputation LATEST UPDATE: The number of people affected by the OPM breach is now over 21.5 million, according to The New York Times. UPDATE: BloombergBusiness reported the numbers of employee and contractor records stolen could now be up to 14 million. The news organization … Continued

The Calm Before the Mobile API Data Breach Storm

Prediction: Mobile App Security Practices Will Become a Third Party Data Risk Mobile security may not be as easy to exploit as other established attack styles, but this latest news could change that for the worse. The Center for Advanced Security Research Darmstadt (CASED) in Germany has responsibly disclosed a cloud application security issue it discovered and published … Continued

CISOs: Pay Attention to the Cost of Lost Customers

If you haven’t downloaded the latest Ponemon Institute report on the cost of data breaches, well, you might want it… Is that a yawn? A groan from data theft marketing fatigue and breach boredom? We get it. Talking about the financial impact of data breaches isn’t nearly as cool as dissecting hacks (ahem, Adult Friend Finder and … Continued

Third Party Risk in Business Units Is Festering

Vendor management offices, risk management programs, and security leaders are all being asked to manage third party risks buried in business units. They are all looking at it from their own unique, but disparate disciplines and points of view. It is so difficult to discover risk for one simple reason: the volume … Continued
