Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
This post was originally published July 18, 2016 and has been updated for accuracy and comprehensiveness.
Healthcare is under attack. Hospitals, doctors’ networks, insurance companies, and others are prime targets for hackers due to the valuable protected health information (PHI) they store and the vital role they play in our nation’s critical infrastructure.
Cyberattacks have increased significantly in recent years, bringing vital conversations about cybersecurity into the Boardroom. As Board oversight of cybersecurity has increased, Board members — even those without technical expertise — have had to become rapidly acquainted with IT risk and security concepts. In the past few years, frameworks and best practices have emerged to help these Boards get a grip on their organization’s cybersecurity posture.
This spring, the research paper titled “Risky Business: Assessing Security with External Measurements” was published on Cornell’s academic resource site. Authored by former Bitsight data scientist, Jay Jacobs, as well as fellow academics Stephanie Forrest and Benjamin Edwards, this paper highlights the research done to correlate security ratings with the incident of a breach. As such, the paper demonstrates how an organization’s security practices can be measured externally and how these practices can be linked to observed security problems. Using statistical analysis, the authors then study the correlation between risk vectors and botnet infections. The paper argues that this information is sufficient to assess the security maturity of an organization using only externally available information.
Today, disruptive risks are an area of focus for corporate directors worldwide. On a global basis, we face disruptions in areas like geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate change.
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.
This past Tuesday, Bitsight was named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 evaluation. This report evaluates the current offering and strategy of vendors in a particular technology market, such as security ratings. This is significant, as this is the first analyst report that has a core focus on evaluating security ratings services solutions side-by-side.
An increasing number of security and risk teams are using security ratings to effectively assess the impact of their security programs as well as communicate changes to key decision makers — like the Board of Directors. These teams know that their company needs tools that provide an objective and quantitative view of their cybersecurity performance over time.
In today’s landscape, managing your internal security processes as well as creating a third-party vendor risk management program should be top of mind, but prioritizing a solid understanding of the metrics surrounding your cybersecurity programs almost just as important. These metrics should dive deeper than “yes” or “no” questionnaire answers, but should help you gain a more comprehensive understanding of where you and your third parties fall when it comes to proactively mitigating cyber risk.
For the last five years, Bitsight Security Ratings have been helping companies gain insight into the efficacy of their security programs, as well as the security performance of third and fourth party vendors. Today, the Bitsight Security Rating platform provides a year’s worth of data on all companies to paint a comprehensive picture of a company’s security posture over time.
Over the last several years, cybersecurity regulations (like NYDFS and GDPR) have placed pressure on the financial services industry to build and enforce some of the strongest risk management programs across any industry. These programs focus not only on internal security performance, but also on managing third party risk. Financial service organizations are both highly regulated and handle extremely sensitive personally identifiable information (PII), and as a result typically have higher security budgets when compared to other industries.
Within the Bitsight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.
Last Thursday, Bitsight announced the closing of our Series D Round of funding. Not only is this important for our company, it is also extremely significant for the security and risk market as a whole.
Recently, Verizon announced the Verizon Risk Report (VRR), a new managed service offering that provides a security assessment framework to enable customers to gain a comprehensive view of their cyber risk. By combining external cybersecurity ratings, internal analysis, and culture and process assessments, Verizon is able to provide customers with a holistic profile of security performance and current posture, enabling customer to prioritize security investment and mitigate risks.
The launch
The launch
Last week, Bitsight released our new Security Rating Snapshot report.