Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Cyber risk is everywhere. As organizations become increasingly interconnected — across business units, geographies, subsidiaries, remote offices, and third-party networks — the digital ecosystem is expanding rapidly. And this increased attack surface introduces a variety of new and evolving vulnerabilities.
The SolarWinds supply chain attack did more than just create cybersecurity problems for businesses and government agencies – it has had a strong impact on the mindset of CISOs. Already under stress, the incident further dispirited many CISOs who continually face escalating cyber threats. The SolarWinds hack was the latest – and biggest – shot across the bow.
Vendor risk management is top of everyone’s mind in light of the recent SolarWinds supply chain attack and concerns around weak points in the COVID-19 vaccination supply chains. Both exemplify the need for organizations of all types to take steps to fortify their vendor risk management processes.
The SolarWinds hack, discovered in late 2020 when FireEye announced it had been targeted through a third party vulnerability, has now become one of the most widespread and impactful supply chain attacks in history.
The SolarWinds supply chain attack discovered in late 2020 was a wakeup call for security managers across all industries. The hack is shaping up to be one of the most impactful attacks against a critical supply chain partner in history.
As if the COVID-19 pandemic wasn’t bad enough, the unpredictable events of 2020 created the perfect storm for a huge escalation in ransomware attacks.
Not to be forgotten during the chaos that was 2020 were the massive cybersecurity breaches that directly impacted some of the country’s largest businesses and their customers. Let’s take a closer look at four of the big data breaches of 2020 — and what we can learn from these incidents to avoid a repeat of similar events in 2021.
The SolarWinds breach is already one of the most significant cybersecurity incidents ever. And as with any unprecedented cyber event, this will have long-term effects on the way businesses and government consider their security programs. While many questions remain unanswered, the SolarWinds impact on the insurance sector has become clearer after an analysis we’ve completed with one of our partners. So, what should we expect the financial impact of SolarWinds on cyber insurers? And how can cyber insurers quantify a breach of this scale in the future?
The SolarWinds breach is already one of the most significant cybersecurity incidents ever. And as with any unprecedented cyber event, this will have long-term effects on the way businesses and government consider their security programs. While many questions remain unanswered, the SolarWinds impact on the insurance sector has become clearer after an analysis we’ve completed with one of our partners. So, what should we expect the financial impact of SolarWinds on cyber insurers? And how can cyber insurers quantify a breach of this scale in the future?
Remote work has always introduced unique and evolving cyber risks. In our “new normal” operating environment, where entire workforces have gone remote, IT security teams are facing an unprecedented challenge.
2020 was a transformative year that blew all predictions out of the water. As we look ahead to 2021, we will continue to see the repercussions of this year’s events.
In light of recent widespread breaches and security incidents, such as the cyber attack targeting SolarWinds, security and risk managers are under more pressure than ever to prove that their cybersecurity investments are actually paying off.
Not long ago, corporate executives would give only passing thoughts to their organization’s cybersecurity postures. Leadership and board members would take notice in the wake of a major data breach, for example, or a couple of times a year as a “check the box” exercise to maintain compliance with regulations. Overall, however, cybersecurity analytics didn’t really garner much attention.
The threat from malicious email represents one of the greatest risks to IT security. That threat continued unabated in 2020, especially in the wake of the COVID-19 pandemic. Research indicated that in 2020 the number of nefarious emails increased dramatically, reaching about 1.5 million malicious emails per day during one particularly intense three month period.
A week ago (which seems like a world ago given everything that’s happened with SolarWinds) Phil Venables -- formerly CISO of Goldman Sachs and now CISO of Google Cloud -- posted an interesting expose on security ratings this week. Phil has a better perspective than most on the value and challenges of ratings not only because of the positions that he’s held but also because he is one of the authors of the Principles of Fair and Accurate Security Ratings. These principles also guide how Bitsight thinks about our rating overall.