Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
In February 2017, Australia’s Federal Parliament passed the Privacy Amendment (Notifiable Data Breaches) Act 2017, amending the Privacy Act 1988. These new mandatory breach notification requirements officially took effect last month, on February 22, 2018. The Notifiable Data Breaches (NDB) scheme establishes new requirements for organizations around the notification of data breaches that are “likely to result in serious harm.” Like the GDPR, this new law aims to give individuals greater protection of their personal information and greater transparency into the data privacy practices of organizations. The amendment applies to all organizations already expected to comply with the Privacy Act, also referred to as APP Entities, including federal agencies and organizations (for-profit and not-for-profit) with $3 million or more in annual turnover.
It’s no surprise that cybersecurity remains a top concern for business leaders today. In fact, PwC’s 2018 CEO Survey showed cyber threats rising from the #10 organizational threat in 2017 to #4. As such, the market for cybersecurity solutions is extremely large, with forecasts from Gartner and IDC putting expected spending on security solutions at over $100 billion by 2020. From traditional security hardware to more modern software solutions and a multitude of security services, security leaders have no shortage of options when it comes to strengthening the security posture of their organization. But where do security ratings fit in? Do organizations really need both security ratings and traditional security solutions like a SIEM? And if so, why?
A few months back we added a new feature to the heart of our security ratings portal: the ability for users not only to filter companies in their portfolios, but also to see real-time updated counts of how many companies match their selected filter criteria. In practice, this allows users to quickly see, for example, all of their vendors in the Technology or Finance industry with an IP footprint in the U.K. or Germany that use Amazon or Google as service providers.
In today’s day and age, reducing cyber risk needs to be a priority for your organization, but what is the most effective way to tackle building your security program? For seven years, Bitsight has proven that it has the most time-tested, trusted, and actionable security ratings, now used by more than 2,100 customers. But when you become a Bitsight customer, what benefits do you actually receive besides our world-class security ratings solution?
The federal government relies on tens of thousands of contractors and subcontractors — often referred to as the federal “supply chain” — to provide critical services, hold or maintain sensitive data, deliver technology, and perform key functions. Along with the Federal Government itself, these contractors and subcontractors face a multitude of cyber threats.
Last year, there were several new cybersecurity developments introduced around the globe to reduce the risk of catastrophic cyber events at national critical infrastructure. These include regulations from the New York Department of Financial Services (NY DFS), the White House’s Executive Order on Cybersecurity, the EU’s General Data Protection Regulation (GDPR), China’s new Cybersecurity Law, and Hong Kong’s Cybersecurity Fortification Initiative.
Companies typically buy several lines of insurance, from property, to general liability, to professional liability. When something goes wrong, it’s common for a company to run to its insurance provider and claim that it has coverage. But many companies simply assume that their insurance will cover them, and this may not always be the case.
Last year, Bitsight was proud to help drive the Principles for Fair and Accurate Security Ratings, published by the US Chamber of Commerce and supported by over 40 global organizations. The establishment of these Principles demonstrates the momentum and maturity of the security ratings market that Bitsight pioneered in 2011. The Principles were designed to promote fairness in reporting of cybersecurity performance and encourage the adoption of security ratings across all industry sectors.
Cybersecurity is a growing topic of discussion in Board meetings everywhere, and more and more security professionals are being asked to present on it in high level meetings. Company leadership is busy, so it’s your responsibility to present a case to them that’s ready for review. We reached out to some security executives and CIOs and asked them for tips on what common mistakes to avoid when presenting your case to executives or the Board.
New Tinynuke variant with a DGA in the wild
You’re responsible for information security at your organization. You dedicate yourself every day to identifying weaknesses and patching vulnerabilities in your network. You’ve developed policies to protect employees from cyber threats. You’ve designed procedures for responding in the event of a data breach, and you’ve practiced those procedures with company stakeholders.
Due to security, reliability, and growth reasons, organizations are constantly upgrading their software to newer releases. Some upgrades are incremental and minor in nature. Others, like the upgrade from Django Rest Framework (DRF) V2 to V3, require coding changes due to incompatibilities between the releases. This article is about Bitsight's upgrade experience, lessons learned, and how we improved because of it.
Policy pricing is something every insurance company and underwriter struggles with at some point. The primary issue is the gap between the risk an applicant actually presents and the information you’re given about it. Let’s take a closer look at how policy pricing is approached in cybersecurity today.
For the second year in a row, Bitsight gave its engineers, product managers, and data and research scientists the day off from normal work to make something cool. The hackathon day had all the typical stuff: awesome custom-designed t-shirts, pizza for lunch, and a demo day the next day. The only “requirement” for teams was that they produce a working prototype to demo. We wanted actual code (not great code, necessarily, but code), not just design mocks.
If your company processes the data of individuals who reside in the European Union, the General Data Protection Regulation (GDPR) is likely a hot topic around the office right now. Once the regulation goes into effect in May 2018, companies in violation of the GDPR could face massive penalties. But creating a compliance plan for your company can be quite difficult if you’re unfamiliar with the language used in the regulation.