As major stories about information security risk continue to capture the attention of the news media, BitSight has become a part of the national conversation on cyber security. We have been featured in both local and national publications to discuss a wide variety of cyber risk topics. Today we recap these major stories and highlight how BitSight has contributed towards a better understanding of the constantly changing risk landscape affecting us all.
The OpenSSL Heartbleed vulnerability will likely be one of the biggest stories in information security this year. The flaw, which takes advantage of the heartbeat feature, has been present for over two years but was only recently discovered. It allows an attacker to trick a system into revealing 64 KB of data from its memory per request, which may include login credentials, cookies and other data that is exploitable by hackers. Some news outlets have reported that the flaw likely affects over two-thirds of the internet. Stephen Boyer, BitSight CTO and Co-Founder, was recently featured in a Wall Street Journal article to give his take on Heartbleed. BitSight was mentioned alongside other firms such as Amazon Web Services, Yahoo, Tumblr and GitHub as a tech company that had already released a patch for the OpenSSL vulnerability. In addition, we have added a new customer portal feature to help businesses reduce risk exposure to Heartbleed. When asked about the bug, Stephen noted, “The scary part is that you can decrypt information.” Stephen also appeared on CNBC’s Closing Bell to talk about Heartbleed, where he emphasized the major steps that businesses will have to take to make sure that they are not susceptible to data loss, from updating software to changing keys.
As we all rely on the government for critical services, the cyber health of our nation is a top concern to many. Recently, a Government Office of Accountability Report on data loss was particularly harsh, noting that in 65% of reported incidents, federal officials failed to take appropriate action. Adding to this conversation on the cyber risk of our nation, last week Stephen Boyer made an appearance on Yahoo Finance to talk about this important issue. Stephen commented, “We're relying on the government to provide certain services and it's also certainly vulnerable along with the power grid.” He added that leaders can take cues from industries that perform well, singling out the finance industry as one with a track record of responsible risk management.
Third-party risk management has been an increasingly prominent topic in the news, especially after the string of major breaches occurring due to vulnerabilities in a vendor’s network. BitSight appeared once again in the Wall Street Journal to discuss how private equity firm KKR is using Security Ratings to reduce portfolio risk. KKR’s CIO Ed Brandman noted that Security Ratings guided his management of the firm’s portfolio of over 75 companies, allowing him to address individual issues with each company that held a poor rating. BitSight CTO Stephen Boyer added that the BitSight model, similar to credit ratings, gives CIOs a quantified look into their own and their partners’ security posture. Bloomberg Businessweek also wrote about KKR’s use of BitSight to monitor portfolio risk.
As always, you can check out the In the News section of our website for more news and insight from BitSight. We are excited to be a part of the larger conversations about risk, responsibility and transparency when it comes to cyber threats and security.