Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Bitsight is proud to announce that John Kelly, Bitsight’s vice president of global channel sales, has been named to CRN’s 2020 Channel Chiefs list. The annual award recognizes an elite group of IT channel leaders who drive the channel agenda and evangelize the importance of channel partnerships.
ElevenPaths, Telefonica’s Cybersecurity Unit, recently released a new report that summarizes the latest cybersecurity insights from the second half of 2019 — covering everything from relevant incidents and vulnerabilities to cyber risk ratings by sector. The information presented is mostly based on the collection and synthesis of internal data that has been contrasted with public information from high-quality sources, including Bitsight Security Ratings.
What do you do at Bitsight and when did you start?
Back in 1990, Hollywood producers imagined a complex plot in which an army of mercenaries with malicious intent hack into and take over the air traffic control system at Washington Dulles International Airport. The result was the classic movie, Die Hard 2.
For anyone in IT (and even home computer users), Microsoft’s monthly “Patch Tuesday” is an important part of their cyber hygiene routine. This month’s update proved to be a particularly critical one.
In November 2019, the Federal Financial Institutions Examination Council (FFIEC) released an update to the Information Technology Examination Handbook (IT Handbook). This handbook is a guide for examiners at its member agencies, which include the FRB, FDIC, NCUA, OCC, and CFPB.
This week, Microsoft ended support for the Windows 7 operating system. Among other implications, Microsoft will no longer issue security patches for the nine-year-old OS. Any organization relying on the OS moving forward could be susceptible to a security issue, attack or data breach unless it has purchased extended support from Microsoft.
I am on the technical research team and I manage the data breach team. We have about five people in Lisbon that record breaches that you see in the news and that we request through the Freedom of Information Act (FOIA). I approve their work, and I send FOIA requests to various attorney generals’ offices for breach notifications that they get. I do those requests myself, and the team records them into the Bitsight portal.
Each January, cybersecurity pundits busily fill the airwaves with their predictions for the year ahead. There’s much to think about. However, one trend is particularly troubling for U.S. and European businesses – an intensification of a new cybersecurity “cold war.”
Rising tensions in the Middle East in the wake of the killing of General Qasem Soleimani, the head of Iran’s military Quds Forces, have U.S. troops on high alert.
Since the creation of the first CISO role about 25 years ago, the job has changed dramatically. What was once an uncommon position has quickly become standard, with the majority of companies including a cybersecurity-specific role in their C-suites.
The California Consumer Privacy Act (CCPA) is one of the most sweeping acts of legislation in the U.S. relating to the protection of personal consumer information collected by businesses. But what does CCPA mean for cybersecurity and risk leaders? In this post, we explore the key compliance requirements of the CCPA and what actions businesses need to take from both a data privacy and cybersecurity standpoint.
Friday the 13th of December proved to be a cybersecurity nightmare for the city of New Orleans -- and it’s not over yet. At around 5.00 a.m., “suspicious activity”, including evidence of both ransomware and phishing, was detected on the City’s network. Activity progressed throughout the morning until 11.00 a.m., when a cybersecurity incident was confirmed.
Mimicking reality is the latest frontier of cybercrime and it’s a growing threat. Cyber criminals are increasingly deploying AI and machine learning to fool unsuspecting victims into believing that they’re seeing or hearing something that they’re not--and pulling off deepfake scams in the process.
Cyber-attacks have dominated the headlines in the past decade, wreaking havoc with systems, holding data to ransom, undermining public trust in corporations and governments, and causing untold financial damage.