SecurityScorecard on the Principles for Fair & Accurate Security Ratings: A Statement on Model Governance

Recently, we explained how the SecurityScorecard platform meets the US Chamber of Commerce’s Principles for Fair and Accurate Security Ratings directive to provide accurate and validated ratings. This week we’re continuing our ongoing efforts to provide awareness around these standards by looking at Model Governance, a principle focused on promoting fair ratings. This principle states: … Continued

Security Roundup: Uber's Chat System, IoT Exploits, and More

This week’s Security Roundup is brought to you by Or Rikon and Sean Smith. Forms over HTTP to be considered insecure. Reminder that Google is planning to show pages as insecure if they contain forms that get posted over HTTP rather than HTTPS. Avoiding this essentially requires upgrading to use SSL. WikiLeaks Website Apparently hacked by OurMine using DNS … Continued

NY DFS Cybersecurity Requirements: Who Should Be Listening

For those companies who have been following the New York Department of Financial Services Cybersecurity Requirements and have educated themselves on everything about the regulation, it was easy to jump right into the substance of the requirements. But for those of you who are just catching up and beginning to evaluate this state cybersecurity … Continued

Understanding the Basics: NIST Cybersecurity Framework

Although not a regulatory framework, the U.S. National Institute of Standards and Technology (NIST) framework is considered an industry best practice for identifying, measuring, and managing cybersecurity risk. In the 2016 Tenable Trends in Security Framework Adoption Survey, nearly a third of the IT and security professionals surveyed said the NIST cybersecurity framework was … Continued

Security Roundup: Labor Day Edition

This week’s Security Roundup is brought to you by Sean Smith and Scott Walsh. Neutrino to Jimmy, a Malware Evolution. A few months ago, Kaspersky provided an analysis of a banking trojan called Neutrino, and this week they dive into its evolution, which they call Jimmy. The malware strain has evolved from straight up banking card stealing, to … Continued

A Quick Look at FFIEC's Assessment Tool

The Federal Financial Institution Examination Council (FFIEC) recently issued the Cybersecurity Assessment Tool (CAT). For U.S. financial institutions that fall under the FFIEC’s purview, this is a framework that can facilitate discussions about an organization’s cybersecurity maturity. As its name suggests, the CAT is a measurement of overall cybersecurity preparedness that the FFIEC recommends as … Continued

Healthcare Companies Stay Alert to Cyber-Attacks

As the number of cyber-attacks has increased, companies in the healthcare industry are working to keep up with the dynamic cybersecurity landscape. But with an estimated 4.5 million healthcare records exposed last year, the healthcare industry’s efforts are still no match for hackers. While building cybersecurity hygiene is a struggle that every industry is … Continued

IoT Threat Advisory: CVE-2017-7577

CVSSv2 Score: 5.0 – 10 (conditional). SecurityScorecard Research and Development Department, August 9, 2017. Overview: As of July 31, 2017, SecurityScorecard has identified 205,390 IoT devices on the public internet (IPv4) which are currently vulnerable to remote exploitation via CVE-2017-7577, a publicly known vulnerability that can allow hackers to … Continued

SR 13-19 Provides Guidance on Service Provider Risk Management

The Board of Governors of the Federal Reserve System’s most recent Supervisory Letter “Guidance on Managing Outsourcing Risk” (“Guidance”), released on December 5, 2013, distills the characteristics, governance, and operations required for a risk management program aimed at monitoring service providers of financial institutions. Specifically, the guidance lays on top of other regulatory guidance on … Continued

IAPP Webinar Extended Q&A

For those of you who joined SecurityScorecard and our customer Allstate at the IAPP Webinar on Assuring Data Privacy and Security Compliance, we greatly appreciate the lively audience! We were happy to share some of our experiences in the information security space and even happier to hear the unique insights from Derek Morford and Adriana … Continued

An Overview of PCI DSS 3.2: Part 2

Earlier today we wrote about the first half of the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements dedicated to helping secure credit card data. If you haven’t had a chance to read that yet, click here. This post is dedicated to providing an overview of the second half of PCI … Continued

An Overview of PCI DSS 3.2: Part 1

PCI compliance is a critical factor in the trustworthiness of your business when it comes to handling customers’ credit card information. While PCI compliance does not equal bulletproof security of credit card data, it does set a bar that companies who transmit, store, or process credit card data must meet. The Payment Card Industry Data … Continued

Employee Spotlight: A Look Inside SecurityScorecard

Recently, SecurityScorecard had the honor of receiving the Business Intelligence Group’s Best Place to Work award and being named CRN’s 10 Coolest Startups of 2017. Both these awards reflect the truly talented, enthusiastic, and inspiring employees who work here. We thought we’d dedicate a blog post to some of the people who make SecurityScorecard a … Continued

SecurityScorecard At Black Hat Event July 22-27

Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more. If you are one of the … Continued

FAQs about GDPR

On May 25, 2018, the General Data Protection Regulation (GDPR) will go into effect, replacing the Data Protection Directive from 1995. This is the largest data protection legislation in the last 20 years. The new regulation addresses the export control of personal data of the European Union’s (EU) citizens and how businesses use this … Continued

SecurityScorecard Wins Best Place to Work Award

We are thrilled to receive the Business Intelligence Group’s (BIG) Best Places to Work award. This award is a tribute to the enthusiasm of the employees who work at SecurityScorecard. It affirms some of our efforts to create a positive work environment and pushes us to look … Continued

Cybersecurity Talent: The Problem and the Solution

The rise in cybersecurity breaches tells us cybersecurity prevention efforts will remain important for the foreseeable future. Companies of all sizes and types are looking to spend on prevention efforts, specifically on hiring qualified cybersecurity specialists. So if the budgets are being allocated, the demand for cybersecurity talent is present, and the opportunities are available, … Continued

Petya Ransomware Attack: A Wake Up Call

Just recently, we wrote about how, in the aftermath of the WannaCry attack, companies should keep their guard up and be prepared for similar ransomware attacks. Enter the Petya attack. The Petya family of malware is a ransomware variant that encrypts both the files and the partition of the hard drive, displaying a bootup … Continued

Risk Assessments: A Step-By-Step Guide

Performing risk assessments is a key part of any organization’s information security management program. Everyone knows that there’s some level of risk involved when it comes to a company’s critical data, assets, and facilities, but how do you quantify and prepare for this risk? The purpose of a risk assessment is to determine what … Continued

How to Implement NIST 800-63B Changes (as Painlessly as Possible)

As many of you are aware, the NIST Special Publication 800-63B is a draft guideline on best practices for digital identity. While NIST setting national guidelines on securing technology is nothing new, this particular chapter on authentication and lifecycle management has proven to be a game-changer in the world of online passwords since its release … Continued

90-Days In: What DFS Questions Do You Have?

Since the last time we wrote about the DFS Cybersecurity Regulations, the final version of the regulations went into effect on March 1st, 2017. It’s 90 days later, and financial companies are racing to fix their cybersecurity posture, with the first set of deadlines quickly approaching. It’s no surprise that NY DFS stepped with this … Continued

Ransomware: A Detailed Analysis of an Emerging Threat

One of the most dangerous emerging trends in the malware world is ransomware. This hacking method has already wrought significant havoc on many businesses and individuals since becoming a credible threat a few years ago, and it seems to be growing in complexity and destructive potential with each passing day. This article will provide … Continued

Release Notice: New Vendor Collaboration Enhancements Accelerates Path to Remediation and Improved Ratings

SecurityScorecard strives to make vendor collaboration easy and accessible. Our latest release strengthens the vendor collaboration process by: setting clear expectations between customers and their vendors with regard to security issue remediation; empowering customers by increasing transparency over the engagement level of their vendors in improving their security; providing vendors with enhanced clarity … Continued

A CISO’s Guide to Communicating with the Board

Communicating with the Board of Directors can be one of the most difficult tasks that a Chief Information Security Officer is responsible for. Whether it’s because of differing priorities, a lack of clear information, or simple indifference, a CISO can have trouble getting the Board on the same page if he or she is not … Continued

WannaCry: The Global Attack with a Reminder Attached

Last week a ransomware attack, unprecedented in size, hit companies and organizations across the globe. As the world returns to the office today, the attack is poised to spread as unpatched machines are flipped on as people get back to work. Over the weekend, the SecurityScorecard research team completed a global scan using the … Continued

What is the Equation Group & who are the Shadow Brokers?

A massive ransomware attack has hit companies and organizations in over 99 countries, causing tremendous business and civil disruption. The attack appears to stem from the use of stolen hacking tools that have been published by a group called the Shadow Brokers. The ransomware attacks appear to be the latest fallout relating to the Equation Group … Continued

Top 10 Information Security Websites You Have to Follow

You’re a CISO on the train on your way into work. What are you reading? We all know that the information security world is constantly evolving, making it increasingly important to keep up with the latest threat, breach, or vulnerability that may be exposing risk to your organization. There are many security publications, sites, and … Continued

Top 12 Information Security Twitter Accounts You Have to Follow

The information security industry moves at an incredibly quick pace, and sometimes it’s difficult to keep up with the most recent updates, hacks, and data leaks that pose a threat to your organization. Social media is an excellent and quick way to ensure that you’re continuously informed on the latest security threat what’s most … Continued

Why are typosquats a risk to your organization?

SecurityScorecard CEO, Aleksander Yampolskiy, recently did a presentation on the dangers of typosquats and how they can impact your organization. Keep reading to learn more about typosquats and how you can combat them. What are typosquats? Typosquatting, also called URL hijacking, is when an attacker targets a brand and registers a domain relying on typographical errors. … Continued

Read More