Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
This week the New York Times released a report warning that a group of Russian hackers going by the name “Evil Corp” has been attempting to exploit the rampant vulnerabilities presented by the US workforce shifting to working from home at remote offices, raising fears that major U.S. brands, news organizations, or even election systems could be disrupted with ransomware attacks. The research, conducted by Symantec, revealed that 31 large U.S. corporations, including Fortune 500 companies and news organizations, have fallen victim to Evil Corp, and those are just the ones we know about.
“Celebrity” vulnerabilities like BlueKeep attract the attention and resources of security teams, often hogging the spotlight, allowing other, less visible, but just as dangerous, weaknesses that could be exploited by bad actors to go unnoticed. IoT devices are a perfect case in point.
My team and I process and record all of the company’s expenses, so all the money that goes out. For me, my role on the team is more on the corporate card side, so anything that is paid on the company credit cards, I record and process in our system. I started mid-April 2019.
What is your background and how did you get into finance?
Prior to this job, I was actually working in retail at CVS, but my degree was in accounting, so that’s how I went from retail to there. I was actually recommended by Chels
Last year’s Capital One data breach ranks as one of the largest confirmed breaches ever, exposing the personal data of more than 100 million Capital One customer accounts stored in the cloud.
For years cybersecurity spending has experienced stratospheric growth. Then COVID-19 hit and forecasts took a grim turn.
While many companies have succeeded in creating a sustainable remote workforce, this “new normal” environment remains particularly challenging for security operations teams. Accustomed to working in a physical security operations center (SOC), where collaboration and teamwork are key, security teams must find ways to operate efficiently while working from home.
Driven by the need to collaborate across remote work environments, COVID-19 has sped up the adoption of cloud services by many government agencies. Yet, questions about security remain.
This week the 13th edition of the Verizon Data Breach Investigations Report (DBIR) was released, which is usually a hallmark event of the cybersecurity world. As we have been in previous years, Bitsight is proud to be a data contributor to the report. After taking some time to give it an initial read through, however, one thing stood out loud and clear to us: how little has changed after 13 years.
In today’s ever-evolving, increasingly complex threat landscape, it’s more important than ever to have the necessary insights and resources to make data-driven security performance management decisions.
As the U.S. biomedical community rushes to combat COVID-19, the FBI announced last week that, in a bid to win the race for a vaccine or cure, state-sponsored Chinese hackers are targeting U.S. researchers in an attempt to “obtain valuable intellectual property and public health data related to vaccines, treatments, and testing.”
As cloud services increase in popularity, a worrying cybersecurity trend has emerged. According to the 2020 Trustwave Global Security Report, the volume of attacks on cloud services more than doubled in 2019 and accounted for 20% of investigated incidents. Although corporate and internal networks remain the most targeted domains, representing 54% of incidents, cloud environments are now the third most targeted environment for cyber attacks.
From a security perspective, your work isn’t done when a new vendor signs on the dotted line. After the onboarding process is complete, you must implement continuous monitoring practices to ensure your new third party maintains the desired security posture — and doesn’t expose your organization to unwanted risk.
The COVID-19 outbreak has seen the roles of many cybersecurity professionals change — and many worry what it will mean for protecting their organizations from attacks.
Over the last several years, Shadow IT has grown from a minor annoyance into a major threat to business operations. While the term is often used to refer to runaway tech spending by users in marketing, DevOps, or finance, it has in fact become a much larger issue that involves the very core of organizational infrastructure, with the potential to pose enormous cyber risk.
When people talk about cybersecurity risks, the first area that normally comes to mind is malware. Some might even consider it the worst event that can happen, as it normally indicates that a malicious actor has already bypassed the layers of security and now has free rein to do what they want. The circumstances that led to the compromised systems, however, often tell a larger story. Issues like EternalBlue and BlueKeep require prompt response by system administrators in order to minimize the risk posed to their attack surface. Vulnerabilities often represent unpredictable changes to an organization’s attack surface that increase the risk of breach and compromise, and the organization has to react accordingly based on its response plans and internal processes.