Insights blog.

Cyberattacks on state and local governments are on the rise. In 2020, more than 100 government agencies, including municipalities, were targeted with ransomware – an increasingly popular attack vector. 

To ensure the security & resilience of critical infrastructure & digital services, the EU introduced the Directive (UE) 2022/2555 (NIS 2). See how Bitsight can help.

Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) potentially allowing an attacker to access and control physical infrastructure.

Discover the performance areas policymakers should begin measuring, why these are important and how they should collect the data.

The U.S. government recently released a new National Cybersecurity Strategy, detailing recommendations and changes to ensure a safe and secure digital ecosystem. Here's our takeaways.

Are organizations prepared to meet new cyber incident disclosure requirements? The latest report from Bitsight's data analysts shows it might be easier said than done.

The UK Cyber Resilience 2022 strategy is a remarkable blueprint for any organization looking to improve cyber resilience. What lessons can be learned?

The situation between Russia and Ukraine has been escalating since the start of January, when Russia stationed more than 100,000 troops along the Ukrainian Border. Although cyber security is not the primary concern in the current situation, there is a cyber security component that absolutely should not be overlooked.

We believe a war in the region would have a direct impact on the cyber threat landscape. Both Poland and Lithuania have recently raised their countries' alert level, just hours after Ukraine reported its defense ministry and two banks had been hacked. In the US, CISA has issued a recommendation for all organizations, regardless of size, to adopt a heightened posture when it comes to cybersecurity. Meanwhile, Russia launched a full scale attack on Ukraine territory, which is still developing, and its full reach still remains to be seen.

Disrupting the flow of goods and services is a keen priority for threat actors and critical infrastructure has long been a favored target. In 2021, the Colonial Pipeline ransomware attack caused a devastating impact to the economy when Russia-based hackers halted fuel movement along the critical U.S. Gulf and East Coast pipeline.

But this and other attacks may only be the beginning of an alarming ransomware trend aimed at U.S. critical infrastructure. Ransomware-as-a-service tools make ransomware easy to execute, making it the dominant cyber threat to enterprises in 2022. Indeed, the FBI recently warned that hackers have already developed ransomware code designed to disrupt critical infrastructure or industrial processes.

Microsoft recently announced that the threat actor Nobelium continues to target government agencies, think tanks, consultants, and non-government organizations with cyber attacks. 

In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 8, 2021.

Overall, the EO starts to fill in some critical gaps in US government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but will also have significant impact on private sector service providers (e.g. software providers) who will now be required to meet new security requirements in order to do business with the U.S. government.

A week ago (which seems like a world ago given everything that’s happened with SolarWinds) Phil Venables -- formerly CISO of Goldman Sachs and now CISO of Google Cloud -- posted an interesting expose on security ratings this week. Phil has a better perspective than most on the value and challenges of ratings not only because of the positions that he’s held but also because he is one of the authors of the Principles of Fair and Accurate Security Ratings. These principles also guide how Bitsight thinks about our rating overall.

Significant concerns have been raised about the security of the 2020 United States election. Hundreds of millions of dollars in Federal funding has been made available to state and local governments to improve the security of election systems and remediate vulnerabilities within critical organizations. Congressional hearings have highlighted risks to electronic voting systems and the vendors who manufacture them. Government task forces have been created to address the challenge.

Driven by the need to collaborate across remote work environments, COVID-19 has sped up the adoption of cloud services by many government agencies. Yet, questions about security remain.

As federal government guidance on social distancing due to the COVID-19 pandemic is extended through April, a new reality is setting in for federal workers — a prolonged period of telework, even beyond the coronavirus crisis.