Read news articles covering Bitsight, the leader in security ratings. We're proud to be featured in these leading business & technology publications, journals, blogs, and broadcasts.
In The News
According to Bitsight, this kind of risk, which it dubs supply chain risk, is a growing problem. One in five financial institution vendors has at least one outdated desktop operating system, such as Windows XP, on its network; this increases the likelihood of a security breach.
These steps for a successful pen test were gathered from personal experience, conversations with professionals including Stephen Boyer, founder and CTO of Bitsight, as well as numerous discussions with researchers at Black Hat USA and DEF CON 2018.
Jake Olcott, a vice president at Bitsight, said his company would describe this as a fourth-party risk issue for major financial institutions. “What happened here is that the financial institutions sold loans to third party organizations, who then used Ascension Analytics to perform analysis on the loans. Ascension Analytics is the organization that experienced the security issue in this case.” He added that, while a company like Citi arguably did nothing wrong, this is an example of a financial organization currently experiencing some reputational repercussions due to a fourth-party cyber issue.
Another reason to believe that supply chain security will take on greater urgency in 2019 – NIST developed a new framework focusing specifically on supply chain security. A Bitsight blog post explained:
The framework recommends that organizations identify the most high risk suppliers, incorporate cybersecurity into contracts with those suppliers, and regularly assess and monitor the cybersecurity posture of those suppliers.
Jake Olcott, a vice president at Bitsight, said that in this case a major financial institution issued loans based on personal data provided to the banks, then sold the loans to a third party, which in turn used Ascension Analytics to perform analysis on the loans.
“While a company like Citi arguably did nothing wrong here, this is an example of a financial organization that is currently experiencing some reputational repercussions due to a fourth-party cyber issue. It is becoming increasingly critical for organizations to understand and manage their fourth-party cyber risk,” Olcott said.
While updating security incident advisories is a mandate of GDPR intended to protect privacy, the customers are not the only ones affected in a major breach. As these nation-state attacks grow more common, a gap between what investors need and what companies disclose about cyber incidents also grows, according to Jake Olcott, VP of communications and government affairs, Bitsight.
High-profile data breaches that originated in third-party networks continue to make news headlines across the globe – like Fiserv, Sears, Delta, Saks, Lord & Taylor and many more. As a result, organizations everywhere are paying closer attention to the security of their third-party vendors and contractors and developing third-party risk management (TPRM) programs to help them avoid becoming the next breach victim.
The introduction of the GDPR has been heralded as a major improvement to privacy and to how data is handled. While it only affects the data of European citizens, it is credited with having an impact on privacy around the world. Earlier this month, security ratings vendor Bitsight issued a report crediting GDPR with improving cyber security in Europe.