Security Risk Management

Venky Ganesan on BitSight and the Target Breach

Sonali Shah | December 23, 2013

On December 20, 2013, soon after news of Target’s data breach broke, Venky Ganesan (Managing Director at Menlo Ventures and BitSight Board Member) talked about BitSight on CNBC. When asked about cutting-edge technology in the cyber risk management space, Venky responded, “I think the most important thing we find right now is that security has become a board room issue. Everybody in the board room wants to know how secure are we, how can we measure security, and how can we manage it. We have an investment in a company called BitSight that lets us get a rating on how secure your infrastructure is.”

Venky goes on to explain how BitSight’s SecurityRatings can be used to measure risk. In the case of Target, which announced last week that it had been breached, BitSight saw an increase in security incidents during the fourth quarter of this year. Although Target’s SecurityRating is higher than that of the average retailer, BitSight did observe a rise in malicious activity occurring on Target’s network in November and December. In particular, there was an increase in adware and botnet activity, including ZeroAccess and Zeus. While we have no evidence suggesting that this particular activity led to the breach, it is clear that Target’s security posture declined in the last few months. Target’s BitSight SecurityRating fell nearly 10% from July 2013 to December 2013.

What we have learned from the attack on Target is that a company’s security posture can change rapidly. A company that had few security incidents in one month could be plagued with botnet infections the next. As cyber attacks increase in sophistication, risk managers must continuously monitor risk and proactively manage it. And, increasingly in 2014, we will see cyber security becoming a more prevalent topic of discussion in corporate boardrooms.

Making e-commerce more secure from CNBC.
