Read news articles covering Bitsight, the leader in security ratings. We're proud to be featured in these leading business & technology publications, journals, blogs, and broadcasts.
In The News
In response to the UK Government’s findings, Jake Olcott (vice-president of Government affairs at Bitsight, who has previously served as legal advisor to the Senate Commerce Committee and as counsel to the House of Representatives’ Homeland Security Committee) observed: “An effective cyber security strategy must receive Board-level approval. Too many organisations leave cyber risk management to IT or IT security professionals. This approach can result in poor prioritisation, misplaced resources and other failures. Those organisations with executive and Board support for cyber risk management are more likely to be successful in reducing risk.”
The only truly effective cybersecurity strategy is one with board-level approval, a security services executive has said. The comments of Jake Olcott, VP Government Affairs at Bitsight, come after revelations in the UK Government’s Cyber Governance Health Check indicating that less than a fifth of boards have a comprehensive understanding of the impact of cyber attacks.
Bitsight Peer Analytics provides security and risk leaders unprecedented visibility into the relative performance of their security programs against their peers and sector. This makes it possible for companies to set achievable security performance improvement goals, effectively allocate limited resources, and efficiently prioritize security efforts.
Virtually all of the recent high-profile disruptions to the supply chain can be traced back to nation-states rather than hacking groups operating completely on their own, according to Bitsight President and CEO, Tom Turner. Supply chain risk management was historically the domain of the financial services industry, which typically had established practices in the area, he said. But activity nowadays is more and more about targeting a nation rather than targeting a vertical, Turner said, and companies are realizing that their supply chain or vendor network is often the easiest entry point for a hacker regardless of industry focus. A sovereign ratings platform allows government officials and national security agencies to better monitor critical infrastructure for risk exposure, Turner said. The nation-state embrace of supply chain attacks means that countries need to be more focused on protecting their power suppliers, civil capabilities, and important businesses, according to Turner.
Jake Olcott, VP at Boston-based Bitsight, said, “It’s no wonder that third party risk has become the most significant cyber issue for organizations around the globe. More outsourcing has created more risk.”
Jake Olcott, VP Government Affairs at Bitsight, told SC Media UK that an effective cyber-security strategy must receive board-level approval. "Too many organisations leave cyber risk management to IT or IT security professionals to handle. This approach can result in poor prioritisation, misplaced resources, and other failures. Organisations with executive and board support for cyber-risk management are more likely to be successful in reducing risk," he said.
"Cyber risk is now considered to be the second-highest risk among the top 10 risks to any organization," said Stephen Boyer, Co-Founder and CTO of Bitsight.
It's useful for security and risk leaders to know their industry's security performance standards and be able to perform peer and sector-wide security benchmarking. But the information to be able to do that isn't always easily available.
Security ratings company Bitsight is launching a new Peer Analytics feature on its platform that allows the comparison of security performance across global organizations. Bitsight Peer Analytics provides organizations with leading industry and critical peer group cybersecurity performance measurements. This gives security leaders real-time access to broad, deep, meaningful, objective data and metrics on industry-wide security and peer-level performance across multiple categories of vulnerabilities and incidents.
Stephen Boyer, Co-Founder and CTO of the American Bitsight rating company, and information security managers of large organizations from different sectors of the economy.
At a closed press conference attended by some 300 analysts, Alignment presented its risk assessment program for businesses in Israel using a tool from Bitsight (a single supplier). The initiative is another part of the Alignment process to deal with supply chain risks.
Tom Turner, CEO, Bitsight, discusses the growing importance of risk transfer and cyber insurance, with breaches putting cyber-risk firmly on the boardroom agenda.
Stephen Boyer, co-founder and CTO of Bitsight, a company specializing in cyber ratings, also told Ynet, "The financial services sector has always been the safest - we've seen it since we started making a cyber rating in 2011. We see a similar pattern in all the financial organizations that no other sector has: they have a strong culture of overall risk management in cyber defense."
All areas of risk management – including supply chain risk management – involve ‘blind spots’. To be effective in this field, asserts Bitsight's Jake Olcott, risk professionals must account for risks from a wide variety of sources, from bad password management through to geopolitical upheaval.
As data mega-breaches dominate the mainstream news headlines, businesses worldwide are necessarily focusing on how to manage and mitigate cyber risk. The Marriott breach is only the latest in a litany of incidents whose repercussions will surely echo for a long time to come, but what needs to be the response? Bitsight's CEO, Tom Turner, investigates.