3rd Party Risk Management , Cybercrime , Fraud Management & Cybercrime
SecurityScorecard and LIFARS CEOs Discuss New Merger
Acquisition Combines Enhanced Digital Forensics, 3rd-Party Management OversightSecurityScorecard, a firm that analyzes the cyber hygiene of vendors and organizations, has completed its first-ever acquisition of security forensics firm LIFARS. As cybercrime such as ransomware continues to rise, this acquisition represents a growing need for a "360-degree approach" when it comes to IR, the executive leadership of both companies agree.
See Also: Preparing for New Cybersecurity Reporting Requirements
To address the growing cyberthreats on the horizon, SecurityScorecard and LIFARS are joining forces and, according to leadership, it will bring together two areas of importance in security for the coming year: third-party risk management and digital forensics. Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard, and Ondrej Krehel, CEO and founder of LIFARS, tell Information Security Media Group how this newly formed partnership will bring change to the security world.
The acquisition is a way to meet customer demands "for enhanced security insights and response capabilities," Yampolskiy says. And LIFARS, which has more than a decade of experience working in the public sector, has extensive knowledge of ransomware mitigation.
LIFARS has built strong relationships in the public sector, including being involved with many high-profile cases connected to the public sector. Recently, LIFARS gave witness testimony on a hacking case linking three North Korea-backed threat actors to developing malicious techniques to steal more than $1.3 billion in fiat currency and cryptocurrency (see: North Korean APTs Target Cryptocurrency Startups.
"The acquisition of LIFARS immediately strengthens and extends our ability to provide proactive security assessment and post-breach services, particularly in the public sector space," Yampolskiy says.
No changes are initially planned to disrupt the work process, Yampolskiy says. LIFARS team members will become a part of the DFIR practice within SecurityScorecard's Professional Services group.
Through the merger, LIFARS will also be able to build its data collection efforts to "fix the gaps faster, which is especially important for monitoring third-party vendors," Krehel says.
LIFARS' Role in High-Profile Indictments
In 2021, there was a growing demand for security safeguards with continued digital transformation, which continues into 2022. On the more negative side of an increasing digital ecosystem is a rise in cyberattacks related to ransomware, especially TTPs involving nation-state actors.
LIFARS has responded to many notable network compromises in partnership with public-sector agencies globally, including the U.S. Secret Service, FBI, Department of Homeland Security and Europol, among others.
"A federal indictment was unsealed early last year that charged three North Korean computer programmers with criminal conspiracy to steal and extort more than $1.3 billion from financial institutions and companies by creating and deploying multiple malicious cryptocurrency applications through a fraudulent blockchain platform," Krehel tells ISMG.
In its past work, LIFARS has also played a part in federal-level investigations of notorious North Korean nation-backed threat groups such as Lazarus and Iranian actors charged in deploying SamSam ransomware against hospitals.
Scoring Criteria
With digital transformation, organizations - particularly ones that must meet rigorous compliance standards - face a growing number of risks and threats.
SecurityScorecard focuses on transparency and discerning whether an organization is improving its security practices or whether they are worsening over time. As organizations tap third parties more frequently to manage various elements of the security ecosystem, TPRM is predicted to be an area of growth in 2022, with new regulatory movement at the federal level as well as regional regulations in local jurisdictions (see: SEC Chair Seeks to 'Modernize' Cybersecurity Regulations).
SecurityScorecard's data collection process are "the building blocks," and adding LIFARS's skilled security forensics specialists will be a way to "fix the gaps faster," Yampolskiy says.
Through analysis of billions of data points weekly, the company is able to provide in-depth risk ratings, giving clients a way to prioritize the holes in their security plans. This helps it focus on the risks that are more time-sensitive or pressing.
Gaining LIFARS' digital forensics experts will also allow SecurityScorecard to empower clients to make faster decisions when a breach has occurred, he says.
Krehel says that in addition to the historical services LIFARS has been able to provide customers, it will now have access to "proactive security assessments" and "unique insights" that will help security teams manage third-party vendors as outside security firms are tapped more and more in 2022.
"The need for greater visibility into [an organization's] entire IT landscape has never been more important given today’s evolving threat landscape," he says, adding that "a 360-degree approach to security prevention and response" is in the works.
'A Natural Fit'
The ultimate goal for the merger between SecurityScorecard and LIFARS is to position the company to be a leader in digital forensics, aiding security firms in presenting "their best security posture," says Yampolskiy.
LIFARS had similar company culture as SecurityScorecard and has a "customer-centric mindset," as well as a focus on cyber resiliency to make the world a better place, he says.
"Both companies have core values on being results- and solution-focused, mutual individual and team respect, collaborative and transparent," he says, "We are also both highly focused on driving incredible value and results to our customers, so it is a natural fit."