Speak to an Expert Emergency

Get a hackers-eye view with Blackfoot’s Cyber risk scorecards

Why you need cyber risk scorecards

Visual board reporting

Our cyber risk scorecards give an easy-to-understand one-page guide to current and historical external security events to inform your leadership board

Analyse your critical suppliers and partners

Our cyber risk scorecards deliver a consistent way of measuring cyber-risk in your supply chain

See what your attackers can see

Our cyber risk scorecards give you a hackers-eye view of your organisation’s web-facing assets

Blackfoot’s cyber risk scorecards provide a clear overview of your organisation’s cybersecurity risk exposure, helping you prioritise and manage your most critical risks and enhance the organisation’s security posture.

Our Accreditations

Crest logo
Crown Commercial Service Supplier logo
Cyber Essentials logo

What is a cyber risk scorecard

Cyber risk scorecards are a useful tool in providing a hackers-eye view of your organisation.

They work by using open source intelligence (OSINT) techniques to collect data from 400+ OSINT resources across a span of internet-wide scanners, without ever touching your organisation’s assets.

By assessing, quantifying and communicating your organisation’s digital footprint, our cyber risk scorecards provide valuable insights in a structured and visual manner.

Our method

Blackfoot’s cyber risk scorecards employ Cyber-Threat Susceptibility Assessment (CTSA) methodology.

CTSA is a methodology for evaluating the susceptibility of a system to cyber-attacks developed by MITRE. CTSA quantitatively assesses a system’s ability to resist a cyber-attack over a range of catalogued attack tactics, techniques and procedures (TTPs).

To generate the cyber-risk rating, Blackfoot needs only company domain information.

Our scorecard engine collects information from VirusTotal, Passive DNS servers, web search engines and other internet-wide scanners, as well as proprietary databases, which hold more than 10 billion historic items. The engine searches the databases to find all IP address ranges and domain names that belong to the company.

The resulting map shows how hackers can leverage attack vectors using OSINT resources like hacker forums, social networks, Google, leaked database dumps and paste sites, or even legitimate security services like VirusTotal, Censys, Cymon, Shodan or Google Safe Browsing.

Blackfoot’s cyber risk scorecards compile this data into a simple, understandable report with letter-grade scores to help identify and mitigate potential security risks.

The platform identifies known vulnerabilities (CVE/CWE), the risk score of the corresponding vulnerabilities/weaknesses (CVSS/CWSS) and attack patterns (CAPEC/FIPS-199 impact level).

We also classify the findings into FISMA Cyber Security Framework area and maturity level, NIST 800-53 control family, FIPS-200 area and NIST 800-37 process step.

All this is achieved without scanning or modifying any of the organisation’s business assets.

Why companies trust Blackfoot

Speak to an Expert

Call us on +44 (0) 203 393 7795

We value what our customers think of us

Get in touch

*Fill in the fields below

    Get the Latest Industry News

    We’ll keep you informed about potential risks and vulnerabilities that could impact your digital assets.