Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
The financial services industry is known for its mature cybersecurity programs. There are many drivers for this, one being the increasingly strict regulatory environment. For example, the Office of the Comptroller of the Currency (OCC) indicated in early 2017 that financial service companies should be prepared for examiners to evaluate third-party cybersecurity.
In today’s market, an increasing number of security and risk management executives are being asked to present to the Board of Directors on the state of their — and their third parties’ — security and risk programs. Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a board-level initiative to mitigate brand and reputation risk. Bitsight understands that making an organization’s cybersecurity posture accessible to C-level executives and the Board of Directors is becoming more of a requirement within the business; we’ve added capabilities within Bitsight Security Ratings that arm security and risk management executives with actionable metrics that they can share with the Board of Directors.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as Team Lead, his experience, and more.
If you’re involved in a healthcare-based organization, you’ve likely noticed the push for stronger vendor security and vendor risk management (VRM) practices. There are a few reasons for this.
Security media is pervaded by seemingly ever-increasing and ever-worsening reports of data breaches at businesses ranging from your mom-and-pop corner store to large retail and internet giants. But how accurate is the perception that breaches are on the rise? Are more security events actually happening, or are we simply observing increased compliance with strengthening reporting requirements? More importantly, can companies learn from these incidents or are businesses doomed to repeat them?
A loss trend can be defined as a projected loss expectation based on historical data. If you find that past losses might be indicative of potential future losses, you can then use this information to price your services accordingly.
In today’s world, organizations must be extremely conscientious about their vendors. It is just as important to be aware of the security of third-party networks as it is to be aware of their own. In April 2017, Netflix’s new season of the hit show “Orange is the New Black” was stolen and leaked after the company ignored several ransom requests from a hacker. The attacker had breached Larson Studios, a third-party post-production company working for Netflix. It’s critical that organizations have a vendor risk management (VRM) program in place to address the risk posed by third parties. As outsourcing and the use of cloud services continue to grow, it’s even more crucial that the strategy can scale with the rising number of vendors. This is where many companies are falling short today.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as an engineering director, his experience, and more.
Here @Bitsight, we are committed to our mission to transform the understanding of cyber risk through the use of Security Ratings. It’s pretty serious stuff and involves lots of inspiration and even more perspiration. BUT we are not just about work. It’s important to us to have balance: to be involved in the local community and also to have plenty of fun.
In today’s security ratings services market, a few companies have offerings described as “swaps” or “slots.” For third-party monitoring, this gives organizations the option to “trade out” which vendors they are monitoring when they see fit. But does this type of disjointed monitoring actually mitigate risk proactively (which is the goal of using a security ratings service), or does it just shift it around and hide it? This approach poses several problems.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about her role as a software engineer, her experience, and more.
As an underwriter who’s constantly trying to balance being both quick and careful, the worst thing you can do is treat every single applicant the same. Doing so can ultimately be setting you up to take on more risk than you’d expect. Of course, the more experience you have, the better you’re able to quickly assess a company’s risk posture.
Bitsight recently completed a reorganization of a large part of our Single Page Application (SPA) code. Our goal was to make our codebase more scalable and developer-friendly by adding a few simple rules for where different parts of the application should live. In this article, I’ll describe what we left the same, what we changed, and how we did this while continuing to ship features on time.
There’s no doubt that organizations understand the value of implementing strong cybersecurity programs and encouraging their third parties to do the same. As data breaches continue worldwide, 63% of those breaches are caused by a third-party vendor, according to Soha Systems’ Third Party Advisory Group. As such, Boards of Directors realize the need to have security and risk practitioners such as Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) provide their expertise and guidance. In today’s landscape, cyber risks are at the front of Boards’ minds. This is why it is critical that security practitioners be in the room.
You’ve heard it said that a chain is only as strong as its weakest link. When it comes to your cybersecurity team, this adage couldn’t be more appropriate. If you want this team to perform with both diligence and accuracy, it’s critical that you consider the following: