Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
COBIT and ITIL are information technology management and IT governance frameworks, and both are popular around the world. They were created to provide management and guidance for IT services in businesses of all sizes.
On August 24, 1992, Hurricane Andrew devastated South Florida and Louisiana, leaving a trail of destruction in its path. The estimated payout from insurance claims totaled $15.5 billion ($26.4 billion in 2015 dollars). Due to the overwhelming number of claims filed, 11 insurance companies went bankrupt and some reports show that if the path of the storm had directly crossed Miami, the entire insurance industry could have collapsed. As a result of the massive tragedy, the insurance industry restructured their approach to risk modeling and began to focus on aggregate risk.
In 2015, many colleges and universities suffered substantial data breaches. In each case outlined below, universities lost personally identifiable information (PII) on thousands of individuals, from their student bodies to faculty and beyond. In addition to the theft of PII, higher education institutions can be the target of large-scale, sophisticated attacks designed to steal trade secrets and intellectual property. The commercial sector is heavily connected to the leading research in science and technology that stems from colleges and universities. Thus, the security posture of higher education institutions is of great importance on a national level.
by Nick Whalen and Ethan Geil
Want to learn more about these findings? Download this Bitsight Insights report to learn what file sharing activity means for your business.
If you want to find out what’s happening in the world, you probably turn to your favorite news outlet. Maybe it’s your local paper or something more widely circulated, like the Washington Post or the New York Times. But if you want to find out what is happening on a day-to-day basis with cybersecurity governance and policy, you’ll need to have a stash of bookmarked blogs at the ready.
This is a two-part blog post. First, you'll discover the key findings in our latest Bitsight Insights report titled “Peer-To-Peer Peril: How Peer-To-Peer File Sharing Impacts Vendor Risk and Security Benchmarking.” In the second part, you'll read on to uncover our recommendations for mitigating the risks of peer-to-peer file sharing.
You’ve likely heard your fair share of mortifying headlines around IT vendor management mistakes. Many of the highly publicized breaches in the last several years happened simply because the companies did not follow basic best practices for IT vendor risk management (VRM).
A sad truth about vendor risk management is that data breaches can—and will—happen to far too many companies. They are an unfortunate side effect of the digital world we live in today. But catastrophic data breaches are another story entirely. Yes, they do happen—and they happen more often than one might hope.
As we highlighted in a recent blog post, a diverse range of companies utilize Bitsight Security Ratings to manage cyber risk. Many of our customers are actively using these ratings to manage vendor risks, screen mergers and acquisition targets, underwrite cyber insurance and benchmark security performance. Regardless of how customers use these ratings within their security and risk programs, it is important that the ratings are both actionable and accurate.
by Ethan Geil and Nick Whalen
In today’s cyber threat landscape, organizations must know how secure they are at any given time. One of the most important questions that security professionals and risk managers can ask is “how secure am I right now?”
Bitsight’s Third Annual Bitsight Insights Industry Benchmarking Report looked at some of the major SSL vulnerabilities affecting organizations, including Heartbleed, POODLE and FREAK. Bitsight’s analysis found that a sizeable number of companies across all industries were still running services that were vulnerable to these flaws. As mentioned in our report, businesses can leverage this information as a measure to ensure that proper controls are being met internally. In addition, companies can gain insight into the performance of their key third-party vendors when it comes to ensuring that they aren’t running vulnerable services.
Bitsight’s Third Annual Bitsight Insights Industry Benchmark Report: Are Energy and Utilities at Risk of a Major Breach? discussed the growing convergence of operational technologies (OT) and information technology (IT). In short, this issue revolves around making operational technologies internet enabled. These technologies - which include generation, transmission, smart grid systems, meter reading and more - are increasingly being brought online to enable a smarter grid and systems.
Assessing the security performance of your vendors and third parties is crucial considering the amount of access to sensitive information we grant to these partners. However, for those assessments to be effective, and for you to actually know what the results mean, you need to know what performance trends you should be looking for and to be able to contrast and compare the results. This is where benchmarking comes in.