Insights blog.

PwC recently published The Global State of Information Security Survey 2016, which highlights security trends in a number of industries and key themes across all industries.

Right now, the UK is in political turmoil, which makes any long-term cyber security predictions difficult. But it is possible to make statements about cybersecurity in the short term.

Vendor management spans a wide variety of topics: from contracts, to metrics, to relationships, and beyond. But one of the most critical aspects of vendor management—particularly for a CISO—is how to manage the risk your vendors bring to the table. 

In June 2016, we observed an all time high of number of infections worldwide, breaking the previous record and raising the number of unique active observed IPs to 20,579,894 measured over a 7 day time window.

The importance—and urgency—of cybersecurity measures have become increasingly visible in recent years. Yearly industry reports from the likes of Verizon, Trustwave, and PwC all express the importance of cybersecurity measures and the costly consequences of cyberattacks. No company wants to become another data breach statistic—but some decision-makers still may not understand the urgency of cybersecurity protection. 

Surveys highlighting third-party security and supply chain risk management best practices are conducted regularly. Many of them draw a similar conclusion: that supply chain risk management is a critical issue IT professionals are aware of, but the awareness isn’t necessarily leading to actionable (or effective) programs and policies.

Despite all the complex cybersecurity threats facing organizations around the globe, employee behavior often leads to security compromise. In a recent Experian survey, 66% of data protection and privacy training professionals say employees at their organizations are the weakest security link. Yet beyond training and educating employees, there are policies and controls organizations can implement to further reduce risk. By eliminating Illicit peer-to-peer file sharing and properly configuring email security protocols, organizations can diminish the likelihood that employees will inadvertently introduce malware into company networks.

Anubis Networks began monitoring Necurs, a malware family known for it's rootkit capabilities, in August 2015. Since then we have been able to observe approximately 50.000 unique IP addresses connecting to our sinkhole over a 24 hour time period. However, we recently discovered that we were only seeing a small part of the whole botnet.

According to Merriam-Webster, proactivity is defined as “controlling a situation by making things happen or by preparing for possible future problems.
Its antonym, reac

Bitsight is proud to announce the release of our latest research report, ”Bitsight Insights Global View: Revealing Security Metrics Across Major World Economies”. This report looks at the Security Ratings of a random sample of 250 companies from the United States, the United Kingdom, Singapore, Germany, China and Brazil from May 1, 2015 to May 1, 2016. Security and risk professionals can use the findings of this report can utilize these findings to better understand the potential cyber risks of doing business in foreign countries.

Given the financial, reputational, and legal harm that can arise from cyber breaches, corporate shareholders and investors are increasingly concerned about the cybersecurity of the companies in their investment portfolio. How will investors begin to engage with companies on this issue?

Boards today have a vested interest in the cybersecurity posture of their companies. Because of this, board members are increasingly interested in being briefed on top cybersecurity threats and understanding the countermeasures that should be taken to avoid them.

There are many different metrics that the CISO or CIO collects to measure the performance and effectiveness of its cybersecurity program. But only a select number of these metrics hold enough weight to be reported to the C-suite. The security metrics and measurements that make it to the boardroom should be presented in a language the Board understands, and should speak directly to whether the organization is taking the right steps toward security. 

We’ll start by saying there isn’t anything inherently different about a U.K. cybersecurity strategy compared to one in, say, the U.S. But many countries do face some specific cybersecurity strategy challenges, whether they’re regulatory or situational—and the U.K. is no exception.

Before we go into details about managing information risk, let’s start with a working definition we can refer back to: