Product News

Find out about our new product features, the latest platform changes, and discover company announcements before anyone else.

Risk Management

Stay up to date on third-party risk management best practices and techniques, and learn about new regulations for third party risk.

Security Research

Keep up with research around the biggest data breaches, malware infections, IoT risks and all the latest news in cybersecurity.

Third Parties a Major Culprit in Healthcare Breaches

Healthcare Breaches Cannot Be Ignored There have been two notable healthcare breaches in the last month: Upstate New York healthcare provider, Excellus Blue Cross Blue Shield, recently reported over 10 million patients’ records were breached. Systema Software, a Larskpur, California-based third party claims software provider, had data of 1.5 million customer claims data exposed on … Continued

Use Vendor Risk Management Templates to Establish a Baseline

Use Vendor Risk Management Templates to Establish a Baseline

Level the Vendor Risk Playing Field With Templates Two facts have radically transformed vendor risk management and the need for template use in just the past few years:   There’s increased awareness that vendors are often the weak links that allow data breaches to occur; Federal regulators are increasingly vocal about the need for aggressive … Continued

Read More
How Strong Is Your Vendor Management Program?

How Strong Is Your Vendor Management Program?

Vendor Management: You Need a Strategy Like the game of chess, vendor management requires understanding all the moves of all the pieces of vendors themselves. The more vendors differ in what and how they supply your company, the more challenging your vendor management (VM) program will be. Vendor management processes for companies with minimal vendor diversity … Continued

Read More
A Closer Look at Experian’s Scorecard

A Closer Look at Experian’s Scorecard

T-Mobile & Experian: The Fallout From Big Brand Breaches Update: Class-action lawsuits for Experian are increasing, according to The Hill. Experian, who released half-year financials yesterday, was quoted as saying: “It is currently not possible to predict the scope and effect on the Group of these various regulatory and government investigations and legal actions, including their timing … Continued

Read More
The Target Breach: A Study in Vendor Risk Gaps

The Target Breach: A Study in Vendor Risk Gaps

Verizon Report to Target Reinforces Need for Instant Risk Visibility Target has become a case study in the long-term effects of security risk via a third party. A class action suit brought by banks, credit unions, and financial firms was recently approved by a Federal judge, so the legal costs are still being added up. The … Continued

Read More
The 10 Best & Worst College & University Security Rankings

The 10 Best & Worst College & University Security Rankings

A University Security Audit for 2015 Data breaches and data theft at colleges and universities are a very common occurrence. From the 80,000 students recently affected at California State colleges to the 29 employee records hacked at the University of Calgary last week in Canada, higher education is a frequently targeted playground for security attacks. This week, Rutgers University … Continued

Read More
Announcing the First Collaborative Security Risk Platform

Announcing the First Collaborative Security Risk Platform

Our Mission is to Empower Every Company with Collaborative Security Intelligence Today, we are proud to launch the first fully collaborative platform for closing the security loop with partners. Via the ‘Invite a Vendor’ function, customers can now directly share detailed Scorecard information with strategic partners, suppliers, and vendors. SecurityScorecard customers can speed up the … Continued

Read More
Addressing The Vendor Risk Management Dilemma

Addressing The Vendor Risk Management Dilemma

It has happened in retail, in hotels, in healthcare, and in many other verticals with many suppliers or partners. Exactly how has vendor risk management missed the mark so often? It has become an old story. A large company’s network is gravely breached and, after weeks of investigation, a finger is pointed at a minor … Continued

Read More
The Vendor Risk Checklist You Need Before Signing a Contract

The Vendor Risk Checklist You Need Before Signing a Contract

Validate Vendor Risk Management with a Security Checklist We’ve compiled a checklist of items that your company can use to protect its infrastructure whenever it starts working with a new vendor, as part of routine vendor risk management processes. A vendor’s systems can be a threat to you  when both parties’ systems are connected together. This … Continued

Read More
Why Supply Chains Need Strong Vendor Risk Management

Why Supply Chains Need Strong Vendor Risk Management

The New Attack Perimeter: Third-Party Suppliers As technology becomes more tightly integrated with traditional manufacturing processes, OEM components and capital equipment are vulnerable to intrusion. Ultimately, companies that rely on suppliers to secure their own products are falling behind the regulatory and reputational curve. Security is front of mind for government scrutiny and consumer awareness. … Continued

Read More
5 Tools Every Vendor Manager Should Know About

5 Tools Every Vendor Manager Should Know About

Vendor Management Is Evolving Into a More Complex and Risky Process When tasked with working in a modern technology-driven industry you will undoubtedly find that your company is not large enough to facilitate all the needs that your customers and employees require. This is true for almost any company now, and the easiest way to … Continued

Read More
Research Reflections from Black Hat 2015

Research Reflections from Black Hat 2015

Members of SecurityScorecard’s R&D Team Attended Black Hat USA 2015 The following post includes reflections and impressions from Black Hat USA 2015 by two security researchers, John Mullins and Greg Lindor, who work on SecurityScorecard’s Research & Development team.  This team is led by Head of Threat Intelligence, Marcello Duarte, who manages and advises a team … Continued

Read More
The Security of Mobile Apps Starts and Ends With Developers

The Security of Mobile Apps Starts and Ends With Developers

Third Party Development Adds to the App Security Dillema According to a story from Business Insider, mobile device users spend 86 percent of their time using mobile apps, as opposed to the mobile web. Businesses cite the rapid adoption of apps as a way to cut costs and increase productivity, but apps suffer from insecure … Continued

Read More
Security DNA Is the Foundation of SecurityScorecard

Security DNA Is the Foundation of SecurityScorecard

SecurityScorecard Expands Security Talent with New Hire Today, we announced the appointment of Steve Thomas as Director of Sales Engineering and Business Development. In this new position, Thomas will be responsible for applying his extensive technical security engineering background to help the company provide exceptional customer support services. Prior to joining SecurityScorecard, Thomas served as … Continued

Read More
Third-Party Security Breaches Sign of Growing Vendor Risk Problem

Third-Party Security Breaches Sign of Growing Vendor Risk Problem

Third Party Breaches Continue to Remain in the Media The long term effects of data breaches that have originated via third parties have the attention of executive boards of directors, but the C-level may not be as keen on dealing with the problem as you might think. These long term effects include: legal action from customers, damage … Continued

Read More
Echoes of Target Breach In Recent CVS Photo Partner Hack

Echoes of Target Breach In Recent CVS Photo Partner Hack

PNI Digital Media Was A Third Party Entry Point Into Big Retail: CVS, Walmart, Possibly Others Update: PNI Digital media is facing multiple class action lawsuits, according to Law 360 and Class Actions Reporter. One suit is centered on CVS in the state of Georgia; the other suit is focused on Costco which was filed … Continued

Read More
[Case Study] How To Operationalize Third Party Risk Management

[Case Study] How To Operationalize Third Party Risk Management

Harry’s Automates Vendor Risk Management Harry’s, an online retailer, was looking to solve the paradoxical challenge of having accurate, precise security information about partners, vendors, and suppliers whose networks they cannot access. Organization’s such as Harry’s cannot directly log in and access a partner’s network to readily view the security posture of that third party’s … Continued

Read More
Monthly News Roundup: Q2 Small Business Data Breaches

Monthly News Roundup: Q2 Small Business Data Breaches

Keep Track of SMB Security & Third Party Security Risks The big name brands may get all the security and data breach attention, but that does not mean that is where all of the data breaches and hacks are occurring. As we look closer at the entire security and risk management threat landscape and include small and … Continued

Read More
The Current State of UK Bank Security

The Current State of UK Bank Security

SecurityScorecard Digs into the Grades of UK Banks A Freedom of Information request in the UK has revealed 791 data breaches occurred at most of the region’s major banks since the start of 2013 (with 585 of the incidents occurring in 2014).  The FOI request was spawned by Egress Software Technologies, an email encryption provider, that recently reported … Continued

Read More
How to Leverage Business Continuity for Security

How to Leverage Business Continuity for Security

CISOs: Use Business Impact Reports To Prioritize Risk There are a few themes we see emerging for security professionals, especially those leading the charge, (we’re talking to you, CISO). One theme is that operating a more risk-aware security organization requires an understanding of what to prioritize. A related theme is: How do you actually prioritize security risks based … Continued

Read More
UPDATE: Feds Breached Again, Lose 21.5 Million Records

UPDATE: Feds Breached Again, Lose 21.5 Million Records

SecurityScorecard Finds Federal Department Had Poor Security Hygiene, Especially in IP Reputation LATEST UPDATE: The number of people affected by the OPM breach is now over 21.5 million, according to The New York Times. UPDATE: BloombergBusiness reported the numbers of employee and contractor records stolen could now be up to 14 million. The news organization … Continued

Read More
The Calm Before the Mobile API Data Breach Storm

The Calm Before the Mobile API Data Breach Storm

Prediction: Mobile App Security Practices Will Become a Third Party Data Risk Mobile security may not be as easy to exploit as other established attack styles, but this latest news could change that for the worse. The Center for Advanced Security Research Darmstadt (CASED) in Germany has responsibly disclosed a cloud application security issue it discovered and published … Continued

Read More
What Is the ROI of Technology that Mitigates Risk?

What Is the ROI of Technology that Mitigates Risk?

Our CEO and Co-founder Dr. Alex Yampolskiy will be presenting on this topic on Wednesday, June 3rd at the NetDiligence Cyber Forum in Philadelphia at 11:15 a.m. The presentation will explore the following: Should a company invest in more security rather than other risk management methods? Which approach should be used to determine the risk … Continued

Read More
CISOs: Pay Attention to the Cost of Lost Customers

CISOs: Pay Attention to the Cost of Lost Customers

If you haven’t downloaded the latest Ponemon Institute report on the cost of data breaches, well, you might want it… Is that a yawn? A groan from data theft marketing fatigue and breach boredom? We get it. Talking about the financial impact of data breaches isn’t nearly as cool as dissecting hacks (ahem, Adult Friend Finder and … Continued

Read More
Credit Union Groups Are Bickering Over Cybersecurity Risk

Credit Union Groups Are Bickering Over Cybersecurity Risk

Credit unions are in the third party security risk news again. This time it’s for wanting Congress to allow the regulatory body that aims to protect credit unions to gain more ability to actually monitor and guard against third party risk emanating from credit unions. The credit union lobby, however, not as supportive of this as … Continued

Read More
Financials Cheer Target's Failed Settlement with MasterCard

Financials Cheer Target’s Failed Settlement with MasterCard

Third Party Breaches Can Have Long Term Impact on Cost Breaches happen in minutes. Lawsuits happen for years. The total costs of Target’s 2013 data breach of 40 million customer credit card numbers will continue to be an unknown for a whole lot longer than the giant retailer would likely want after financial institutions rejected a proposed settlement from Target with MasterCard … Continued

Read More
Third Party Risk in Business Units Is Festering

Third Party Risk in Business Units Is Festering

Vendor management offices, risk management programs, and security leaders are all being asked to manage third party risks buried in business units. They are all looking at it from their own unique, but disparate disciplines and points of view. The reason it is so difficult to discover risk is for one, simple reason: the volume … Continued

Read More
CISO, The Board Is Listening

CISO, The Board Is Listening

Given the volume of embarrassing and financially impactful breaches over the last few years, security leaders are getting fresh and unparalleled attention. Security teams have been clamoring to be heard by corporate leaders and executive boards for many years. Now they are. According to ZDNet’s Dion Hinchcliffe, CISOs and business executives have never been more aligned. Hinchcliffe, who placed … Continued

Read More