ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.
ETFOptimize | HOME
Close Window
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

SecurityScorecard Threat Intelligence Reveals 90% of Energy Companies Experienced a Third-Party Breach

By: via Business Wire

SecurityScorecard today released new research revealing that 90% of the world’s leading energy companies experienced a third-party data breach in the past 12 months. The research highlights how the energy industry faces a significant threat from third-party risks, where attackers target an organization's vendor ecosystem.

Using AI-powered data breach intelligence and elite threat researchers, SecurityScorecard actively identifies, measures, and manages risk of emerging threats across the supply chain. Key findings from this research include:

  • 90% of the largest global energy companies had a third-party breach in the past 12 months.
  • 100% of the top 10 U.S. energy companies experienced a third-party breach.
  • 92% of the energy companies evaluated have been exposed to a fourth-party breach.
  • 33% of energy companies had a C Security Rating or below, indicating higher likelihood of breach.
  • In the last 90 days, SecurityScorecard identified 264 breach incidents related to third-party compromises.
  • MOVEit was the most prevalent third-party vulnerability in the last six months, with hundreds of companies impacted around the world.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence, SecurityScorecard, said: “More than two years after the major U.S. pipeline ransomware incident, the world still lacks a common framework for measuring cyber risk. Transparency and information sharing about cybersecurity is critical for national security.”

SecurityScorecard analyzed more than 2,000 third-party vendors and discovered that only 4% of them had experienced breaches themselves. However, a striking 90% of the evaluated companies suffered from third-party breaches. When attackers successfully compromise a widely-used software, they can potentially access all organizations that rely on that software.

Majority underestimate cyberattacks on third-party ecosystem

As cited by the new SEC cyber incident disclosure requirements, SecurityScorecard research found that 98% of organizations use at least one third-party vendor that has experienced a breach in the last two years.

Jim Routh, Fortune 500 CISO and Senior Advisor and Chairman, SecurityScorecard Cybersecurity Advisory Board, added: “Hope and prayer may be useful but are clearly not sustainable strategies. Preventing the surge of supply chain attacks requires systematically applying real time data triggering automated workflow to manage risk in the digital ecosystem.”

Methodology

SecurityScorecard analyzed the cybersecurity profiles of the 48 largest energy companies in the United States, United Kingdom, France, Germany, and Italy. These companies included the coal, oil, natural gas, and electricity sectors. In total, SecurityScorecard examined over 21,000 domains, and analysis included both their third-party and fourth-party vendors The top 48 companies were ranked by current revenue.

Additional resources

About SecurityScorecard

Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.

Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.

SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

Contacts

Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms Of Service.


 
IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.