Insights blog.

Cybersecurity incidents are on the rise, and the monetary setbacks for victims are considerable. The average cost of a data breach in the U.S. has soared to nearly $8.6 million, and these costs are expected to grow by 15% over the next five years.

It happened again - another disruptive ransomware attack. On July 2, 2021 Kaseya, a Florida-based software provider that provides Remote Management Monitoring, warned of its software being abused to deploy ransomware on end-customers' systems.

Bitsight, the Standard in Security Ratings, has established itself as not only a clear leader in security ratings but now also in the burgeoning field of data privacy.

In an effort to demonstrate to its customers how seriously it takes protecting their data, and to lead the market to implement more comprehensive data privacy systems and practices, Bitsight is now the proud recipient of TrustArc’s TRUSTe APEC CBPR Enterprise Certification and the TRUSTe APEC PRP Enterprise Certification.

In order to receive this designation, Bitsight completed a demanding certification process based on a comprehensive set of requirements governing data privacy management practices, including the privacy standards set forth in the APEC Cross Border Privacy Rules (CBPR) and the APEC Privacy Recognition for Processors (PRP) Systems. These practices are further detailed in the TRUSTe Enterprise Privacy & Data Governance Practices Assessment Criteria.

The European Union (EU) will soon launch a new regulation that will require banks and firms in the global financial industry to mature their third-party risk management programs to include set cybersecurity requirements – which will also apply to the critical Information and Communication Technology (ICT) service providers they are working with.

Microsoft recently announced that the threat actor Nobelium continues to target government agencies, think tanks, consultants, and non-government organizations with cyber attacks. 

Spurred by the pandemic and a need for greater collaboration and business efficiency, cloud adoption is soaring. According to the Flexera 2021 State of the Cloud Report, spending on cloud services this year is predicted to be higher than ever.

To gauge the impact of flawed pseudorandom number generators in network devices, Bitsight scanned the public Internet for RSA public keys and was able to factor the public modulus and recover the private keys for 41,225 network devices. Bitsight has also found that the prevalence of such vulnerable devices on the Internet has been declining in recent years; however, many still pose a risk to organizations that lack security controls to prevent the inadvertent exposure of unmanaged network assets to the public Internet.

In the six months since the SolarWinds supply chain attack there has been increased action in the cybersecurity breach world – and the bad actors aren’t letting up. This means that cybersecurity protection is more critical than ever. 

According to a Cybersecurity Ventures report, global cybercrime costs are expected to grow by 15% per year over the next five years — reaching $10.5 trillion USD annually by 2025. In light of this evolving threat environment and recent widespread security events, today’s cybersecurity leaders are under more pressure than ever to prove that their investments in their programs are actually paying off.

After last week’s catastrophic cyber incident targeting Colonial Pipeline, could more U.S. Oil and Energy companies be at risk of a ransomware attack? 

In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 8, 2021.

Overall, the EO starts to fill in some critical gaps in US government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but will also have significant impact on private sector service providers (e.g. software providers) who will now be required to meet new security requirements in order to do business with the U.S. government.

Organizations rely on third-parties to keep competitive in the marketplace. The EY global third-party risk management survey highlights that in 2019–20, over 33% of the 246 global companies surveyed were managing and monitoring third-party risk for over a 1000 vendors. As more vendors are onboarded into company networks, managing cybersecurity threats becomes a greater challenge, but a necessity.

Security risk assessments are an important tool in your organization’s arsenal against cyber threats. They shine a spotlight on areas of risk in your digital ecosystem, inform and prioritize mitigation strategies, and ensure hard-earned resources are allocated where they’re needed most. Assessments can also help you evaluate your third parties to mitigate the very real possibility that they’ll introduce unwanted risk into your organization.

A couple of years ago, industry research firm Gartner introduced a new acronym—SOAR—into the cybersecurity nomenclature. SOAR stands for “security orchestration, automation, and response.” It’s not an individual tool, or even set of tools. Like ISO 27001, GDPR, FISMA, and others, SOAR is a cybersecurity framework organizations can use to create an effective risk mitigation strategy.

It’s hard to believe, but Bitsight is celebrating our 10 year anniversary this week! I co-founded Bitsight in 2011 with my friend and grad school classmate, Nagarjuna Venna. When I think back at our original idea of creating a global cybersecurity ratings system, I’m surprised that our original thesis and vision still holds true today. It’s been an incredible journey filled with twists and turns, and I wanted to share some thoughts about where we’ve been and where we’re headed in the next decade.