Technology companies — along with their partner ecosystems — are some of the most targeted organizations when it comes to cyber-attacks. In 2018, enterprises invested an average of 3.5 million on cloud apps, platforms, and services — making the sensitive information held in those platforms a top target for hackers.
Given the business world’s increasing digital transformation and reliance on the cloud, technology companies are most often critical vendors, storing and handling sensitive data (personally identifiable information, intellectual property) for their customers. Because technology is one of the industries that experience the most public breaches, it is imperative that these companies continuously monitor and assess the ongoing performance of their own organization’s security posture.
Microsoft is one of the most critical vendors in the business world, and many organizations rely on its technology for their day-to-day operations. This past May, Microsoft discovered a software security vulnerability, BlueKeep, that could ultimately lead to one of the worst cybersecurity attacks since 2017’s infamous WannaCry ransomware incident. The Remote Desktop Services Protocol (RDP) vulnerability is so potentially dangerous that both Microsoft and the National Security Agency (NSA) have issued advisories about its existence.
Playing the role of critical vendor mandates that technology companies like Microsoft invest in managing their security performance. A 2018 BitSight report found that at least one-third of all major industries are dependent on one of the top five cloud hosting providers. Knowing this, it’s imperative that technology companies continuously assess their own security posture to ensure the cybersecurity of the millions of businesses worldwide that depend on their services.
BitSight’s data science team took a closer look at the security performance of organizations in the technology sector (all data as of June 1, 2019). It should be noted that companies in the following subindustries are included under the classification of “technology” companies: computer hardware, computer software, computer networking, internet, semiconductors, biotechnology, consumer electronics, information technology and services, computer games, wireless, and computer and network security.
The image below shows the breakdown of BitSight Security Ratings for each subindustry within the technology sector. Based on the terabytes of data collected by BitSight about security performance, we observe that:
Almost 50% of the companies in the technology industry have a BitSight Security Rating in the Advanced category (740 and above), with a smaller percentage of companies with ratings in the Basic category (below 640). As a sector, Technology’s security performance falls about on par with Healthcare, Retail, and Utilities (Exhibit A).
Exhibit A
As a critical vendor to so many organizations, tech companies need an effective method for gaining visibility into the security posture of their business. Organizations need a way to model different scenarios and remediation strategies in order to forecast future security performance. Security ratings deliver a continuous, data-driven measurement of security performance, enabling security and risk leaders to compare performance with their industry peers and competitors, identify direct paths to cyber risk reduction, and ultimately report that performance to their Executive team and Board.
Ultimately, security ratings allow the technology industry, one that plays a role as a critical vendor to so many businesses around the globe, to accurately assess cyber threats within its business ecosystem.
Exhibit B
Exhibit C
Exhibit D
Exhibit E
This content was produced by Marc Light in conjunction with John Burger and Shrinath Patel from the BitSight Data Science Team.