Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Now more than ever before, it’s critical to build a strategic security performance management program in which you take a risk-based, outcome-driven approach to measuring, monitoring, managing, and reporting on your organization’s cybersecurity program performance over time. Of course, in order to do so, you need an easily understandable framework through which you can conduct a cyber risk analysis and lead meaningful conversations on the business impact of your organization’s risk exposure.
Accelerated by the pandemic, digital ecosystems are expanding. New ways of working remotely and the rapid adoption of cloud technologies have increased the number of digital touch-points that employees interact with. Unfortunately, this expanded attack surface creates new points of exposure that make it difficult for security leaders to pinpoint where cyber risk exists, or when a risk is worth concern.
Whether your organization is just beginning to develop your security performance management systems, or you already have a mature and established program in place, there is always room to innovate and improve the cyber risk monitoring tools you use.
There’s no question about it: Being exposed to cyber risk is an inevitable part of doing business in today’s world. In fact, a recent ESG study found that 82% of organizations believe that cyber risk has increased over the past two years.
The unfolding Hafnium attack is the latest event in the trend of cyber events. CISOs are starting to recognize that enterprise cyber security is being redefined to mean "me and all my suppliers"; in other words, the combination of first- and third-party cyber risk is enterprise risk. NotPetya demonstrated that breaching a small accounting firm could cost a firm like Merck over $1B in damage.
Oftentimes, security managers fall into the trap of believing that a large or commonly used cloud services organization is safe to have connected to their network. Cloud services providers aren’t immune to bad actors targeting their network, and in reality can expose extremely sensitive information when they are targeted.
Organizations around the globe continue to address the fallout from the Microsoft Exchange Server zero-day attacks. It was recently announced that hackers may now be exploiting the vulnerabilities in Exchange to drop ransomware into vulnerable systems via backdoor attacks (or Web shells). There is significant urgency for organizations to update their systems and patch immediately to stop these backdoor attacks that originated with Exchange.
Microsoft Exchange is critical business software used by organizations around the world for email. Sensitive data and communications are stored and transacted on the platform daily. In an unusual situation, threat actors have performed mass exploitation of zero-day vulnerabilities associated with Microsoft Exchange.
As a recent Forrester report highlighted, there are many cybersecurity ratings available. Security ratings have a valuable place in your overall cyber risk mitigation strategy, for many reasons.
On March 2, Microsoft announced that it has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. According to Microsoft, in the attacks observed, cybersecurity threat actors used this vulnerability to access on-premises Exchange servers, which enabled access to email accounts, and installed additional malware to facilitate long-term access to victim environments.
You can tell a lot about someone by the company they keep, and the same goes for your security ratings partner. All security ratings are not created equal.
It’s every security manager’s worst nightmare. A member of the IT department reaches out to alert them that malicious software has been detected on an internal network, and the hacker potentially has access to layers of sensitive data. In the following days and weeks of remediation, locating an access point, and reinforcing cybersecurity measures, security managers often ask themselves, “Could this data leak have been prevented?”
Bitsight was recently named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q1 2021. As the creator and largest vendor by market presence in the category, we were honored to be recognized and to be the only vendor recognized for having a differentiated product roadmap and go-to-market strategy.
Despite the best efforts of security and risk leaders, it can be extremely difficult to establish an efficient and effective enterprise risk management plan. As with anything that requires buy-in from the executive level, there have to be defined goals and clear paths the security team will take to make investments in their program feel worth it.