Product News

Find out about our new product features, the latest platform changes, and discover company announcements before anyone else.

Risk Management

Stay up to date on third-party risk management best practices and techniques, and learn about new regulations for third party risk.

Security Research

Keep up with research around the biggest data breaches, malware infections, IoT risks and all the latest news in cybersecurity.

The Importance of Principles for Fair and Accurate Security Ratings

The security ratings industry is evolving, and SecurityScorecard has been a proud participant in every step.  Today we are proud to discuss a set of guiding principles that we believe in and which form a foundation for further industry growth.  We are also excited that the US Chamber of Commerce has agreed to assist in … Continued

Risk Assessments: A Step-By-Step Guide

Risk Assessments: A Step-By-Step Guide

  Performing risk assessments is a key part of any organization’s information security management program. Everyone knows that there’s some level of risk involved when it comes to a company’s critical data, assets, and facilities, but how do you quantify and prepare for this risk? The purpose of a risk assessment is to determine what … Continued

Read More
How to Implement NIST 800-63B Changes (as Painlessly as Possible)

How to Implement NIST 800-63B Changes (as Painlessly as Possible)

As many of you are aware, the NIST Special Publication 800-63B is a draft guideline on best practices for digital identity. While NIST setting national guidelines on securing technology is nothing new, this particular chapter on authentication and lifecycle management has proven to be a game-changer in the world of online passwords since its release … Continued

Read More
90-Days In: What DFS Questions Do You Have?

90-Days In: What DFS Questions Do You Have?

Since the last time we wrote about the DFS Cybersecurity Regulations, the final version of the regulations went into effect on March 1st, 2017. It’s 90 days later, and financial companies are racing to fix their cybersecurity posture, with the first set of deadlines quickly approaching. It’s no surprise that NY DFS stepped with this … Continued

Read More
Ransomware: A Detailed Analysis of an Emerging Threat

Ransomware: A Detailed Analysis of an Emerging Threat

  One of the most dangerous emerging trends in the malware world is ransomware. This hacking method has already wrought significant havoc on many businesses and individuals since becoming a credible threat a few years ago, and it seems to be growing in complexity and destructive potential with each passing day. This article will provide … Continued

Read More
Release Notice: New Vendor Collaboration Enhancements Accelerates Path to Remediation and Improved Ratings

Release Notice: New Vendor Collaboration Enhancements Accelerates Path to Remediation and [...]

SecurityScorecard strives to make vendor collaboration easy and accessible. Our latest release strengthens the vendor collaboration process by:   Setting clear expectations between customers and their vendors with regard to security issue remediation;   Empowering customers by increasing transparency over the engagement level of their vendors in improving their security; Providing vendors with enhanced clarity … Continued

Read More
A CISO’s Guide to Communicating with the Board

A CISO’s Guide to Communicating with the Board

Communicating with the Board of Directors can be one of the most difficult tasks that a Chief Information Security Officer is responsible for. Whether it’s because of differing priorities, a lack of clear information, or simple indifference, a CISO can have trouble getting the Board on the same page if he or she is not … Continued

Read More
WannaCry: The Global Attack with a Reminder Attached

WannaCry: The Global Attack with a Reminder Attached

  Last week a ransomware attack, unprecedented in size hit companies and organizations across the globe. As the world returns to the office today, the attack is poised to spread as unpatched machines are flipped on as people get back to work. Over the weekend, the SecurityScorecard research team completed a global scan using the … Continued

Read More
What is the Equation Group & who are the Shadow Brokers?

What is the Equation Group & who are the Shadow Brokers?

A massive ransomware attack has hit companies and organizations in over 99 countries causing tremendous business and civil disruption. The attack appears to stem from the use of stolen hacking tools that have been published by a group called the Shadow Brokers. The ransomware attacks appear to be the latest fallout relating to the EquationGroup … Continued

Read More
Top 10 Information Security Websites You Have to Follow

Top 10 Information Security Websites You Have to Follow

You’re a CISO on the train on your way into work. What are you reading? We all know that the information security world is constantly evolving, making it increasingly important to keep up with the latest threat, breach, or vulnerability that may be exposing risk to your organization. There are many security publications, sites, and … Continued

Read More
Top 12 Information Security Twitter Accounts You Have to Follow

Top 12 Information Security Twitter Accounts You Have to Follow

The information security industry moves at an incredibly quick pace, and sometimes it’s difficult to keep up with the the most recent updates, hacks, and data leaks that pose a threat to your organization. Social media is an excellent and quick way to ensure that you’re continuously informed on the latest security threat what’s most … Continued

Read More
Why are typosquats a risk to your organization?

Why are typosquats a risk to your organization?

  SecurityScorecard CEO, Aleksander Yampolskiy, recently did a presentation on the dangers of typosquats and how they can impact your organization. Keep reading to learn more about typosquats and how you can combat them. What are typosquats? Typosquatting, also called URL hijacking, is when an attacker targets a brand and registers a domain relying on typographical errors. … Continued

Read More
How New Technology is Bringing Risk to the Healthcare Industry

How New Technology is Bringing Risk to the Healthcare Industry

  The Internet of Things (IoT) is increasingly becoming a popular topic of choice in the cybersecurity industry and for unfortunate reasons. In short, the Internet of Things is the name applied to a wide variety of devices that connect to the internet. These can be routers, cameras, smart light bulbs, and medical devices. Unfortunately, … Continued

Read More
How IoT Is Responsible for the Massive DDoS Attack

How IoT Is Responsible for the Massive DDoS Attack

On Friday morning, October 21st, East Coast internet users found themselves unable to access major websites such as Spotify, Twitter, Netflix, and Reddit, among others. Reports quickly came out detailing that the reason for the internet outage was due to a massive DDoS attack leveraged against Dyn, an internet infrastructure company that provides DNS services … Continued

Read More
3 Security Approaches CISOs Must Embrace To Mitigate Third Party Risk

3 Security Approaches CISOs Must Embrace To Mitigate Third Party Risk

  Guest post by Sam Kassoumeh, COO and co-founder of SecurityScorecard. A seasoned cybersecurity professional, he has been the Head of Security and Compliance at Gilt and led Global Security at Federal-Mogul. Sam has over 10 years of experience leading security teams. In this guest blog post, Sam offers a critical perspective of how CISOs … Continued

Read More
Information Security and The Rio Games: Was Brazil Ready?

Information Security and The Rio Games: Was Brazil Ready?

  On Friday August 5th, the Rio Olympics kicked off and millions of eyes eagerly anticipated the start of the games. In the eyes of information security, a tentative breath was held to see if a major security incident would affect the opening ceremony or any subsequent events. Large sporting events are increasingly becoming an … Continued

Read More
What Brexit Means for The Cybersecurity Industry

What Brexit Means for The Cybersecurity Industry

  In late June, the United Kingdom (UK) held a referendum on whether or not the UK would continue to be a member of the European Union (EU). The UK voted to leave the EU, a decision dubbed as the ‘Brexit.’ The initial consequence of the Brexit looked grim and despite some recovery, the fallout … Continued

Read More
How Big is the End-Of-Life Cybersecurity Problem? [INFOGRAPHIC]

How Big is the End-Of-Life Cybersecurity Problem? [INFOGRAPHIC]

  End-of-Service or End-Of-Life (EOL), is a term applied to hardware or software when a manufacturer stops supporting it with any updates. This can be very problematic since any vulnerabilities that are found (and can subsequently be exploited by hackers) will never be patched. This can cause widespread damage if a software, such as an operating … Continued

Read More
Announcing the Security Roundup Newsletter

Announcing the Security Roundup Newsletter

Introducing the Security Roundup Newsletter. The Security Roundup is our weekly curated newsletter made up of the most interesting and important developments in the cybersecurity space. Our Director of Architecture, Sean Smith, provides his research and analysis on content scoured across the web, ranging from new developments on a strain of ransomware, how Google is … Continued

Read More
How Big Is the U.S. Government Cybersecurity Problem?

How Big Is the U.S. Government Cybersecurity Problem?

A look at recent data breaches and how the government is reacting. It seems like the US government is more and more often falling prey to hackers, whether it’s from nation-sponsored organizations or independent organizations. Two government data breaches made the list of Network World’s list of ‘Biggest data breaches of 2015’ citing an IRS … Continued

Read More