Insights blog.

With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?

Back in May this year, President Trump issued an executive order banning US energy sector entities from acquiring electric equipment from foreign adversaries, citing potential cybersecurity threats.

Schools and colleges are facing an alarming increase in cybersecurity incidents. Some hackers seek ransoms while others see value in scooping up personally identifiable information to sell to identity thieves.

Cyber attacks are occurring more frequently and banks, insurance companies, and other financial services firms are prime targets. Due to the nature of these businesses and the sensitivity of their data, financial firms are hit with approximately 300 times more cyber attacks than businesses in other industries.

Technology companies — along with their partner ecosystems — are some of the most targeted organizations when it comes to cyber-attacks. In 2018, enterprises invested an average of 3.5 million on cloud apps, platforms, and services — making the sensitive information held in those platforms a top target for hackers.

The federal government relies on tens of thousands of contractors and subcontractors — often referred to as the federal “supply chain” — to provide critical services, hold or maintain sensitive data, deliver technology, and perform key functions. Along with the Federal Government itself, these contractors and subcontractors face a multitude of cyber threats.

Vendor security is becoming a focal point of risk management for many organizations. In many ways, this trend started with the Target breach from 2013, which highlighted the extensive financial and reputational impact of a third party security breach. Gartner estimates that by 2019, the need for transparency into operational and security activities within a vendor's value network will drive demand for vendor security by 30%.

PwC recently published The Global State of Information Security Survey 2016, which highlights security trends in a number of industries and key themes across all industries.

Students and faculty from the University of Central Florida (UCF) have filed a class action lawsuit alleging that the university failed to notify affected individuals of data loss resulting from a cyber attack in a timely manner.

In 2015, many college and universities suffered substantial data breaches. In each case outlined below, universities lost personally-identifiable information (PII) on thousands of individuals, from their student bodies to faculty and beyond. In addition to the theft of PII, higher education institutions can be the target of large-scale, sophisticated attacks designed to steal trade secrets and intellectual property. The commercial sector is heavily connected to the leading research in science and technology that stems from colleges and universities. Thus, the security posture of higher education institutions is of great importance on a national level.

Bitsight’s Third Annual Bitsight Insights Industry Benchmark Report: Are Energy and Utilities at Risk of a Major Breach? discussed the growing convergence of operational technologies (OT) and information technology (IT). In short, this issue revolves around making operational technologies internet enabled. These technologies - which include generation, transmission, smart grid systems, meter reading and more - are increasingly being brought online to enable a smarter grid and systems.

Data breaches at higher education institutions are becoming more and more common, putting them near the top of the list of industries most affected by cyber security risks. Hackers target .EDU networks because they tend to be left wide open for attacks, either because the schools fail to prepare against such intrusions or because network users fall victim to vicious phishing scams. As our latest Bitsight Insights report revealed, university security teams juggle diverse IT infrastructure needs and unique challenges, including BYOD culture and multiple network access points. This leads to a major slump in security performance throughout the school year. So how can universities overcome these challenges?