Venky Ganesan on BitSight and the Target Breach

Sonali Shah | December 23, 2013 | tag: Security Risk Management

On December 20, 2013, soon after news of Target’s data breach broke, Venky Ganesan (Managing Director at Menlo Ventures and BitSight Board Member) talked about BitSight on CNBC. When asked about cutting edge technology in the cyber risk management space, Venky responded, “I think the most important thing we find right now is that security has become a board room issue. Everybody in the board room wants to know how secure are we, how can we measure security, and how can we manage it. We have an investment in a company called BitSight that lets us get a rating on how secure your infrastructure is.”

Venky goes on to explain how BitSight’s SecurityRatings can be used to measure risk. In the case of Target, which announced last week that it had been breached, BitSight saw an increase in security incidents during the fourth quarter of this year. Although Target’s SecurityRating is higher than that of the average retailer, BitSight did observe a rise in malicious activity occurring on Target’s network in November and December. In particular, there was an increase in adware and botnet activity - including Zero Access and Zeus. While we have no evidence suggesting that this particular activity lead to the breach, it is clear that Target’s security posture declined in the last few months. Target’s BitSight SecurityRating fell nearly 10% from July 2013 to December 2013.

What we have learned from the attack on Target is that a company’s security posture can change rapidly. A company that had few security incidents in one month could be plagued with botnet infections the next. As cyber attacks increase in sophistication, risk managers must continuously monitor risk and proactively manage it. And, increasingly in 2014, we will see cyber security becoming a more prevalent topic of discussion in corporate boardrooms.

_

Making e-commerce more secure from CNBC.

Suggested Posts

The BitSight and Moody's Partnership: A New Era For Cybersecurity

Cybersecurity is one of the biggest threats to global commerce in the 21st century.

By providing data-driven insights into cybersecurity, we can empower the marketplace to make better, risk-informed decisions and create a more secure...

READ MORE »

4 Critical Success Factors for Effective Security Risk Management

With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management is greater than ever. When cyber risk is managed...

READ MORE »

IoT Cybersecurity: How Your Organization Can Tame the Wild West

From sensors on the factory floor to those that guide autonomous vehicles, the Internet of Things (IoT) is transforming how we live and work. Over the coming years, IoT will continue to change our world, with the number of connected...

READ MORE »

Get the Weekly Cybersecurity Newsletter.