Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Following an increase in ransomware cyber attacks, most notably May 2017’s WannaCry attack, U.S. public sector entities are starting to see the effects of these attacks on the almost $4 trillion municipal debt market. As a result, issuers are now starting to consider the cybersecurity posture of borrowers at the town, city, and local levels when they apply for bonds.
Many details of yesterday’s ransomware attack are still being worked out, and its impact is still being assessed. Yet, there are many security diligence steps organizations can take to reduce exposure to these types of attacks. Below are best practices security and risk teams should be aware of, and implications for organizations who fall behind.
Want to know what it’s like to be a data analyst? Check out this Q&A with a member of Bitsight’s data science team to learn about what he does at Bitsight, his experience, and more.
In today’s day and age, organizations understand that data breaches are a growing problem, but many fail to realize that a third party breach can impact them as much as a breach on their own network. Here we’ll examine several misconceptions surrounding vendor risk management (VRM), and how you can proactively create a strategy to avoid common pitfalls.
This year marked another great Gartner Security & Risk Management Summit with over 3,000 attendees, bringing together CEOs, CIOs, CISOs, IT Directors, Risk Managers, and other risk and security professionals to National Harbor, MD from June 12-15. An underlying theme emerged from the numerous sessions I attended and the various conversations I had: all roads lead back to business value. Whether it’s a new vendor that a company is looking to onboard, or a cloud technology the organization is implementing, everything should tie back to a business decision.
Anyone who works in cybersecurity or organizational risk on a regular basis knows how valuable it is to stay up to date on the latest research. If you’re curious about a specific topic—anything from vendor security assessments to ransomware—or you want to improve your vendor risk management program, take a look at the cybersecurity resources and tips below. We’ve rounded up Bitsight’s most frequently downloaded guides, white papers, and research insights. And the best part? They’re all free.
Bitsight Security Ratings are based on security events and configurations present on a company’s digital infrastructure. As we discuss these ratings with companies, we’ve found that many of them have infrastructure registered to them that they are unaware of. With the recent WannaCry ransomware attacks (and with the increased frequency of cyber incidents overall), it is becoming critical that organizations take a more thorough look at their infrastructure. This preventative measure can help identify any vulnerabilities or malicious activity on unmonitored parts of a network, as well as confirm the accuracy of registrations.
For years, cybersecurity was considered a “check-the-box” discussion during the merger and acquisition (M&A) process. It was almost always examined to ensure there weren’t any glaring issues or major red flags—but there wasn’t a whole lot of care or thought put into it.
Read this Q&A with a member of Bitsight’s engineering team to learn about his role as a front-end developer in our Lisbon office, his experience, and more.
The financial services sector has traditionally been viewed as highly mature when it comes to cybersecurity initiatives. In fact, this Bitsight Insights report found that the financial sector had the highest Security Rating of all examined industries. But even though companies in the financial sector have been discussing the necessity of monitoring cybersecurity for quite some time, the threat landscape is constantly evolving—leading to a more complex cyber ecosystem every day. This makes it all the more critical to be proactive when it comes to cybersecurity issues.
Last month, thousands of computers across the world were infected by a strain of ransomware known as WannaCry. Estimates show that this massive attack impacted over 300,000 computers across banks, hospitals, telecommunications services, train stations, and numerous other critical services. Months before this attack, Microsoft had released a patch for all Server Message Block (SMB) vulnerabilities, including EternalBlue, which researchers believe is one of the vulnerabilities that criminals exploited to carry out the attack. Despite the available patch, it appears that many companies neglected to install the critical update (MS17-010) from Microsoft prior to the attack.
Check out this Q&A with one of Bitsight’s data scientists to learn about what she does as a part of our data science team, her experience, and more.
While your current Vendor Risk Management (VRM) or Third-Party Risk Management (TPRM) program may have areas of strength, there is most certainly room for improvement. These programs are a significant driver of both internal and external advisor time, extremely costly, and limited in scale. How can you harness more actionable insight to scale your program and truly and continuously understand the cybersecurity of your third parties? Using Bitsight Security Ratings, you can see a positive impact on your TPRM/VRM program by getting more value out of what you are already doing.
Want to know what it’s like to be an engineer at a fast-growing start-up? Check out this Q&A with a member of Bitsight’s engineering team to learn about his role as Engineering Manager, his experience, and more.
After the initial analysis of the WannaCry ransomware attacks, our Research & Development team put together a global assessment of the impacts and repair process needed for affected systems to recover.