Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Bitsight and Google collaborate to reveal global cybersecurity performance
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
Learn what you can do to defend against cyber attacks and achieve a state of cyber resilience.
Cybersecurity is a priority for any organization and a big-ticket budget line item. But before investments in security are made, your organization must understand what it is doing right and where improvements to your cybersecurity program are needed.
Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.
Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.
It’s hard to believe, but Bitsight is celebrating our 10 year anniversary this week! I co-founded Bitsight in 2011 with my friend and grad school classmate, Nagarjuna Venna. When I think back at our original idea of creating a global cybersecurity ratings system, I’m surprised that our original thesis and vision still holds true today. It’s been an incredible journey filled with twists and turns, and I wanted to share some thoughts about where we’ve been and where we’re headed in the next decade.
Not long ago, corporate executives would give only passing thoughts to their organization’s cybersecurity postures. Leadership and board members would take notice in the wake of a major data breach, for example, or a couple of times a year as a “check the box” exercise to maintain compliance with regulations. Overall, however, cybersecurity analytics didn’t really garner much attention.
A week ago (which seems like a world ago given everything that’s happened with SolarWinds) Phil Venables -- formerly CISO of Goldman Sachs and now CISO of Google Cloud -- posted an interesting expose on security ratings this week. Phil has a better perspective than most on the value and challenges of ratings not only because of the positions that he’s held but also because he is one of the authors of the Principles of Fair and Accurate Security Ratings. These principles also guide how Bitsight thinks about our rating overall.
Online services, e-commerce sites, videoconference, delivery services, and all other kinds of services are growing exponentially, exposing users and data to new risks and threats. Users expect that the sites and services they rely on are using best practices when it comes to security. But are they?
As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on a day-to-day basis.
Network segmentation — the act of dividing a network into multiple smaller, isolated networks that are not visible from the outside — has long been used to reduce cyber risk. At its core, segmentation assumes a “zero trust” approach to protecting digital environments and minimizes access to digital assets for those who don’t need it, while enabling access for those who do. Should a breach occur, that threat is contained in the segmented network so it doesn’t propagate to other assets.
Cyber risk and regulatory compliance are two sides of the same coin in the Financial Services sector. Together, they spur Financial Services companies to take action to protect customers, their business and the global financial ecosystem from the malicious cyber attacks or the risk of critical system failures.
The evolution of the technology environment and related security threats is so fast paced it often seems businesses and regulators are playing an endless game of catch-up.
The regulatory environment is evolving rapidly as national and international regulatory bodies attempt to keep pace with changing business models, technology infrastructure and continuously escalating cyberthreats.
About 25 years ago, the evolution of the overall digital ecosystem necessitated the creation of the first CISO role. Now, 61% of companies have a CISO.
This post was originally published July 18, 2016 and has been updated for accuracy and comprehensiveness.
Healthcare is under attack. Hospitals, doctors’ networks, insurance companies, and others are prime targets for hackers due to the valuable protected health information (PHI) they store and the vital role they play in our nation’s critical infrastructure.
Cyberattacks have increased significantly in recent years, bringing vital conversations about cybersecurity into the Boardroom. As Board oversight of cybersecurity has increased, Board members — even those without technical expertise — have had to become rapidly acquainted with IT risk and security concepts. In the past few years, frameworks and best practices have emerged to help these Boards get a grip on their organization’s cybersecurity posture.