Read news articles covering Bitsight, the leader in security ratings. We're proud to be featured in these leading business & technology publications, journals, blogs, and broadcasts.
In The News
![CISOs forced to use worst-case scenarios to gain board attention](/sites/default/files/styles/news_grid/public/migration/images/BitSight-SC-Mag_35.png?itok=Iqf0bAJ8)
Two months after Microsoft discovered and patched the BlueKeep vulnerability, more than 0.8 million systems online remain vulnerable, according to an assessment done by Bitsight, a Security Ratings company. That’s down just 17 percent since the company’s first assessment about the exposure of the BlueKeep vulnerability a month ago.
![How Microsoft Dismantled the Infamous Necurs Botnet](/sites/default/files/styles/news_grid/public/migration/images/wired-logo_0.png?itok=cvB_QP3i)
"There have been very few of these situations over the years where a vulnerability has lined itself to be so wormable," Bitsight director of security Dan Dahlberg says. "It’s still just a function of time until someone with more nefarious end goals might develop something."
![Exploits for Windows BlueKeep vulnerability commercially available](/sites/default/files/styles/news_grid/public/migration/images/logo-26_1.png?itok=Hhghsj0d)
Bitsight attributed the huge discrepancy to the fact that "telecommunications companies usually host end-customer systems that they cannot upgrade themselves, which may explain the higher ratio for this industry sector".
![More than 805,000 systems are still exposed to BlueKeep, study finds](/sites/default/files/styles/news_grid/public/migration/images/cyberscoop_0.jpg?itok=NZPMOj5L)
That leaves a broad potential attack surface for someone who exploits the vulnerability. BlueKeep is “wormable,” meaning the malware could infect systems as it finds its own ways to move from network to network.
The good news is that, since the end of May, the number of systems that are vulnerable to BlueKeep is down 17 percent, according to Bitsight. Additionally, at least 854 systems vulnerable to BlueKeep are being patched per day.
“We are really trying to encourage organizations to take action and to address their externally exposed systems,” Dan Dahlberg, Bitsight’s director of security research, told CyberScoop.
![Understanding cybersecurity in the world of risk society](/sites/default/files/styles/news_grid/public/migration/images/Verdict-Logo_1.png?itok=bkGRBUbL)
The phishing campaign used a fake gov.uk address to attempt to send 200,000 people emails that appeared to be from an unnamed UK airport. These were designed to scam recipients into paying a fee under the illusion that they would receive an increased refund.
![Necurs Botnets Busted](/sites/default/files/styles/news_grid/public/migration/images/file-2408675653_2.png?itok=HM-WDsjR)
Cybersecurity incidents have cost UK mid-market firms a combined £30bn over the past year as automated attacks become the norm, according to Grant Thornton.
The accounting and consulting giant interviewed 500 UK business leaders from firms with revenue of between £15m and £1bn to compile its latest study, Cyber security: the board report. It revealed that more than half of those polled had reported losses of between 3-10% of revenue following a cybersecurity breach. For those hit hardest, losses were up to 25% of revenue.
![Exploits for Windows BlueKeep vulnerability commercially available](/sites/default/files/styles/news_grid/public/migration/images/logo-26_1.png?itok=Hhghsj0d)
An organization without a cyber security strategy is an organization with the door open for trouble to walk right in unchallenged.
If you're in any doubt, take a look at the Government's latest Cyber Security Breaches Survey, which found 32% of businesses had suffered a breach or attack in the previous 12 months. While this is less than 2018 (43%) and 2017 (46%), the financial impact of these events has been steadily increasing. In 2017, the average cost to an affected business was £2,450, whereas in 2019 that's risen to £4,180.
![Cyberattacks cost UK businesses $370bn last year](/sites/default/files/styles/news_grid/public/migration/images/717%2520news.jpg?itok=X8Vt9J5K)
At the same time, boards remain ignorant to the dangers of hackers and confident in their ability to keep their organisations safe. Almost two thirds have no board member tasked specifically to tackle cybersecurity threats, and the same percentage doesn’t review risks and management, at least not formally.
![Microsoft discovers BlueKeep-like flaws in Remote Desktop Services](/sites/default/files/styles/news_grid/public/migration/images/Logo_SearchSecurity_0.jpg?itok=OZ9PJjKW)
Risk management vendor Bitsight Technologies published a report that showed approximately 805,665 systems online -- as of July 2 -- that remain vulnerable to BlueKeep. That figure represents a decrease of about 17% from Bitsight's previous findings from May 31.
![Billion-dollar privacy penalties put CEOs on notice](/sites/default/files/styles/news_grid/public/migration/images/computer-weekly_0.jpg?itok=pWGx1XfY)
The unprecedented penalties imposed on Facebook, Marriott and British Airways should serve as a warning for company leaders, according to Tom Turner, CEO of cyber security ratings firm Bitsight.
“CEOs around the globe are on notice that they are accountable for cyber security performance management just the same way they are accountable for managing the business,” he said.
![Understanding the most critical risks to your business](/sites/default/files/styles/news_grid/public/migration/images/Enterprise-Times-logo-544-2_14.png?itok=yE-1wuaZ)
So will the C-Suite and the main board actually take notice? Jake Olcott, VP Government Affairs at Bitsight, says they must: “These fines make it clear — executives and boards are responsible and accountable for cybersecurity. It has never been more important for them to understand and manage their organisation’s security performance just like they would manage any other critical business issue. When it comes to cybersecurity, ongoing briefings, regular reporting, and performance metrics are no longer nice to have — they are required.”
![ICO intends to fine Marriott International £99 million for GDPR infringements](/sites/default/files/styles/news_grid/public/migration/images/RiskXtraWOB-1_6.png?itok=ZuG3cjJV)
Following an extensive investigation, the Information Commissioner’s Office (ICO) has issued a notice of its intention to fine Marriott International the sum of £99,200,396 for infringements of the General Data Protection Regulation (GDPR). The proposed fine relates to a cyber incident which was notified to the ICO by Marriott in November 2018
![US officials, lawmakers warn of potential Iranian cyberattacks](/sites/default/files/styles/news_grid/public/migration/images/download-5_0.png?itok=Rd8l2Zn_)
Jake Olcott, vice president of cybersecurity ratings group Bitsight, told The Hill in a statement that "these fines make it clear -- executives and boards are responsible and accountable for cybersecurity."
![CISOs forced to use worst-case scenarios to gain board attention](/sites/default/files/styles/news_grid/public/migration/images/BitSight-SC-Mag_35.png?itok=Iqf0bAJ8)
Jake Olcott, VP of Government Affairs at Bitsight, concurs saying: "These fines make it clear - executives and boards are responsible and accountable for cyber-security. It has never been more important for them to understand and manage their organization's security performance just like they would manage any other critical business issue. When it comes to cyber-security, ongoing briefings, regular reporting, and performance metrics are no longer nice to have -- they are required."
![Nearly 40% of Enterprises Lose Business Due to Cybersecurity Performance: BitSight](/sites/default/files/styles/news_grid/public/migration/images/cut_1.png?itok=Gy6odsy7)