Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Bitsight is moving fast, but we don’t want to sacrifice code quality for speed, which is why tests have always played an important role in our development process. Although we are not doing TDD (test-driven development), one of the key requirements for test-heavy development is that the full test suite should be fast. If running all tests takes less than 5 minutes, developers are more likely to run them frequently and keep adding more tests. However, Bitsight's portal application is a bit of a monolith, and its test suites take longer to run than we would like.
Over the last several months, members of our product team have been working to aggregate all of Bitsight’s security ratings data and highlight important insights about patterns in data breaches. In fact, Bitsight boasts one of the largest data breach data sets. Of course, this only highlights what data Bitsight has visibility into; with the largest sinkholing infrastructure in the world and the security posture of over 130,000 organizations, we have the most comprehensive view into global breach trends.
CISOs and other security leaders are tasked with protecting their organizations from cyber attacks. That means developing and implementing the policies, controls, and procedures that reduce risk and ensure the safety of sensitive data. It also means keeping the cybersecurity program alive and well-funded. In other words, security leaders are fighting on two fronts. When executing a cybersecurity plan, they must employ two distinct yet equally important skill sets: the technical skills to mitigate risk, and the strategic skills to make the case for cybersecurity to their colleagues. Striking a balance between these two categories is tricky. We’ve got some tips for CISOs and other security leaders looking to execute their cybersecurity plans effectively and achieve sustainable results.
Early last month, it was disclosed that Ticketmaster suffered a data breach through a third party service provider as part of a payment card hacking campaign; Ticketmaster was just one of hundreds of victims. The threat actor, Magecart, compromised over 800 e-commerce sites by secretly installing digital card-skimming software on third-party components and services used by these retailers.
Cybersecurity is a multifaceted topic with many constantly evolving variables. For CISOs and other security leaders, just knowing where to begin can be a challenge. Let’s say you’ve just taken over an organization’s cybersecurity program, or have been tasked with building one from scratch. You have a limited budget and limited personnel, so you can’t accomplish everything at once. Which tasks deserve your focus in the critical first few months? We’ve rounded up some cybersecurity tips from industry experts to help guide your initial strategy.
[updated January 10, 2021]
On a Friday morning in October 2016, millions of people across North America attempted to visit popular websites including Spotify, Reddit, and the New York Times, only to find that they were inaccessible.
On July 12th, eighteen Bitsight employees participated in the Boston Children’s Hospital Corporate Cup. This is an annual event where local Boston companies from across all sectors compete against each other for a good cause: raising one million dollars for the children at Boston Children’s Hospital.
Over the last several years, cybersecurity regulations (like NYDFS and GDPR) have placed pressure on the financial services industry to build and enforce some of the strongest risk management programs across any industry. These programs focus not only on internal security performance, but also on managing third party risk. Financial service organizations are both highly regulated and handle extremely sensitive personally identifiable information (PII), and as a result typically have higher security budgets when compared to other industries.
With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on. The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered. With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly. Here are a few historically overlooked risk factors that deserve some additional attention:
Within the Bitsight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations that are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.
Last Thursday, Bitsight announced the closing of our Series D Round of funding. Not only is this important for our company, it is also extremely significant for the security and risk market as a whole.
Last month, the EU NIS Directive (Directive on Security of Network and Information Systems) went into effect. This directive is the first EU-wide piece of legislation specifically focused on cybersecurity. Its goal is to “achieve a high common level of security of network and information systems within EU.” Network and information systems, and the essential services they support, play a vital role in society; their reliability and security are essential to everyday activities.
If you’ve done your homework as a cybersecurity professional, then you know that third-party vendors with substandard security controls and processes could be putting your organization at risk.
On June 9th, a Bitsight team participated in the annual Boston Pride parade for the first time. Boston Pride is a celebration of the city's LGBTQ community and its allies that brings thousands of marchers and spectators into the streets. The parade finishes with a festival at City Hall.