Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.

Despite all the complex cybersecurity threats facing organizations around the globe, employee behavior often leads to security compromise. In a recent Experian survey, 66% of data protection and privacy training professionals say employees at their organizations are the weakest security link. Yet beyond training and educating employees, there are policies and controls organizations can implement to further reduce risk. By eliminating illicit peer-to-peer file sharing and properly configuring email security protocols, organizations can diminish the likelihood that employees will inadvertently introduce malware into company networks.

Anubis Networks began monitoring Necurs, a malware family known for its rootkit capabilities, in August 2015. Since then we have been able to observe approximately 50.000 unique IP addresses connecting to our sinkhole over a 24-hour time period. However, we recently discovered that we were only seeing a small part of the whole botnet.

Bitsight is proud to announce the release of our latest research report, “Bitsight Insights Global View: Revealing Security Metrics Across Major World Economies”. This report looks at the Security Ratings of a random sample of 250 companies from the United States, the United Kingdom, Singapore, Germany, China and Brazil from May 1, 2015 to May 1, 2016. Security and risk professionals can use the findings of this report to better understand the potential cyber risks of doing business in foreign countries.

Bitsight is proud to announce the release of new features that provide expanded data breadth to all customers. These new innovations enable customers to better identify risks in third-party networks and their own networks. Annotations, a new innovation in the security ratings market, allows customers to add tags to specific parts of their network asset maps, providing context for customers to take appropriate action with new events on their network or the network of a third party. Furthering Bitsight’s mission to provide actionable data, Patching Cadence, the newest Diligence risk vector, is expanding data breadth in the platform. This risk vector evaluates a company’s responsiveness in patching major vulnerabilities. Learn more about these features that are helping customers better manage and streamline their security risk management efforts:

GhostPush is an Android malware that was first discovered in September 2015. Once installed on a user’s device, it will display unsolicited advertising, and install unwanted applications on the user’s device. This malware is also known for rooting the user’s device and making itself very hard to uninstall.

This is the final entry in a three-part series on Bitsight’s new Event Store. In the first and second posts, we described some key components of the architecture. Because of the limited number of access patterns we had to support (bulk inserts, mostly in chronological order; full scans, coarsely filtered by key range and time), we were able to implement a simple NoSQL-style database, using flat Parquet files on Amazon’s S3 as the storage layer.

Ransomware is a cash-in machine for criminals, and we have just spotted another one come alive this week. Since 16th February, the AnubisNetworks Labs team has been tracking Locky, a malware that, given the high volume of its distribution campaigns, will rival the big ones such as CryptoWall.

by Nick Whalen and Ethan Geil

This is a two-part blog post. First, you'll discover the key findings in our latest Bitsight Insights report titled “Peer-To-Peer Peril: How Peer-To-Peer File Sharing Impacts Vendor Risk and Security Benchmarking.” In the second part, you'll read on to uncover our recommendations for mitigating the risks of peer-to-peer file sharing.

As we highlighted in a recent blog post, a diverse range of companies utilize Bitsight Security Ratings to manage cyber risk. Many of our customers are actively using these ratings to manage vendor risks, screen mergers and acquisition targets, underwrite cyber insurance and benchmark security performance. Regardless of how customers use these ratings within their security and risk programs, it is important that the ratings are both actionable and accurate.

by Ethan Geil and Nick Whalen

Bitsight’s Third Annual Bitsight Insights Industry Benchmarking Report looked at some of the major SSL vulnerabilities affecting organizations, including Heartbleed, POODLE and FREAK. Bitsight’s analysis found that a sizeable number of companies across all industries were still running services that were vulnerable to these flaws. As mentioned in our report, businesses can leverage this information as a measure to ensure that proper controls are being met internally. In addition, companies can gain insight into the performance of their key third-party vendors when it comes to ensuring that they aren’t running vulnerable services.

Today Bitsight published our third annual industry benchmarking report: Are Energy and Utilities At Risk of a Major Breach? This report illustrates the latest security performance of the Finance, Federal Government, Retail, Energy and Utilities, Healthcare, and Education industries. All of these industries hold sensitive data, and as a result they are targets for hackers. As we do for all of our Bitsight Insights, let’s dive into how each sector performed.

Today, we are pleased to announce that NAFCU Services has selected Bitsight as a Preferred Partner, giving its member credit unions access to Bitsight Security Ratings. The partnership is very timely: credit unions have been increasingly targeted with cyber attacks. A recent survey found that 84.4% of credit unions were impacted by a data breach in the last two years.

Today, Bitsight is excited to announce that we have raised $23 million in Series B funding. The additional funding will allow Bitsight to keep hiring exceptional talent, as well as extend sales and marketing initiatives in Europe and in the Asia-Pacific region. The funding will also allow us to accelerate the development of new data analytic products and add to our extensive data resources to ensure the most accurate ratings possible. Bitsight is thrilled to have Comcast Ventures join as a new investor. We’re also thrilled that all of our current investors participated in this new round!