Fordham University

The higher education industry has increased exposure to cybercrime due to several factors including open Wi-Fi networks for students, BYOD access in dormitories, and recent expansion of hybrid teaching and learning. Fordham University is no exception, experiencing annual fluctuations in cyber security posture correlated with students leaving in the summer and returning in the fall. 

Benedict needed a way to gain insight into different components of Fordham’s digital assets and understand what the university’s risk profile looked like based on real-time data. He invested in Bitsight for Security Performance Management and Third-Party Risk Management to not only improve Fordham’s own cybersecurity posture but also to ensure they were partnering with cybersafe third parties. 

“Bitsight provides an unbiased third-party analysis of our risk profile with a strong algorithmic base. We leverage its empirical data and fair and rigorous methodology to back up our strategic risk assumptions,” says Benedict. “It has helped take away the 'by the seat of our pants’ kind of feeling, ensuring we are more impactful in our risk mitigation investments.”

Benedict also needed a way to provide clear and valuable metrics to his board of directors on the overall cybersecurity posture of Fordham. The Bitsight Ratings Tree allows him to identify sub-optimal areas to enhance within Fordham’s cybersecurity profile , narrow his focus to key issues, understand the root cause, and to take rapid action. Not only can Benedict show the board a holistic view of Fordham’s cyber profile, but he can showcase a benchmark comparison against other prestigious schools and their ratings. 

“With a Bitsight Security Rating of 740, we’re proud to say that we’re at the top of the higher education industry,” says Benedict. “And Bitsight has been instrumental in the journey to get there, not to mention the exceptional Bitsight team. For a company as large as Bitsight, the people and service are so personable and quick to help. I always feel as if I’m only one request away from having my Account Manager’s home phone number.”
 

As Fordham University’s cybersecurity program continues to grow, they are beginning to incorporate cyber risk quantification capabilities. With Bitsight for Financial Quantification for Enterprise Cyber Risk, the security team has more robust conversations regarding cyber insurance, cyber risk, and ROI. Benedict has already begun to see immediate ROI; in a recent conversation with Fordham’s insurance broker, Benedict portrayed data gleaned from Bitsight for Financial Quantification to successfully argue for lower rates. 

“The carriers were inferring that we presented more risk than we actually do based on a minimalistic assessment document and where quoting increased premiums. However, with Bitsight we were able to use real data to bring about a favorable negotiation,” says Benedict.

“The Bitsight Rating is more than just a number, it’s an indicator of security and risk posture,” concludes Benedict. “With it, we've been able to make big strides forward and become demonstrably more strategic with our information assurance efforts.”