Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
This spring, the research paper titled “Risky Business: Assessing Security with External Measurements” was published on Cornell’s academic resource site. Authored by former Bitsight data scientist Jay Jacobs, as well as fellow academics Stephanie Forrest and Benjamin Edwards, this paper highlights the research done to correlate security ratings with the incidence of a breach. As such, the paper demonstrates how an organization’s security practices can be measured externally and how these practices can be linked to observed security problems. Using statistical analysis, the authors then study the correlation between risk vectors and botnet infections. The paper argues that this information is sufficient to assess the security maturity of an organization using only externally available information.
Today, disruptive risks are an area of focus for corporate directors worldwide. On a global basis, we face disruptions in areas like geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate change.
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.
This past Tuesday, Bitsight was named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 evaluation. This report evaluates the current offering and strategy of vendors in a particular technology market, such as security ratings. This is significant, as this is the first analyst report that has a core focus on evaluating security ratings services solutions side-by-side.
An increasing number of security and risk teams are using security ratings to effectively assess the impact of their security programs as well as communicate changes to key decision makers — like the Board of Directors. These teams know that their company needs tools that provide an objective and quantitative view of their cybersecurity performance over time.
Over the course of this blog series, we’ve addressed some of the major concepts surrounding third-party risk, as well as addressed some misconceptions. In this final post, we’ll continue to examine the last three of the top notions surrounding third-party risk management programs and weed out fact from fiction.
In today’s landscape, managing your internal security processes as well as creating a third-party vendor risk management program should be top of mind, but prioritizing a solid understanding of the metrics surrounding your cybersecurity programs is almost just as important. These metrics should dive deeper than “yes” or “no” questionnaire answers and should help you gain a more comprehensive understanding of where you and your third parties fall when it comes to proactively mitigating cyber risk.
With the number of third parties connected to businesses increasing, risk and security teams need to ensure they are spending the right amount of attention on the right third parties. To do this, organizations need a clearly defined, tiered portfolio of third parties, vendors, and suppliers. Today, many companies tier their third parties based on the inherent risk they present, and the types of data they handle or have access to.
For the last five years, Bitsight Security Ratings have been helping companies gain insight into the efficacy of their security programs, as well as the security performance of third and fourth party vendors. Today, the Bitsight Security Rating platform provides a year’s worth of data on all companies to paint a comprehensive picture of a company’s security posture over time.
Over the last several years, cybersecurity regulations (like NYDFS and GDPR) have placed pressure on the financial services industry to build and enforce some of the strongest risk management programs across any industry. These programs focus not only on internal security performance, but also on managing third party risk. Financial service organizations are both highly regulated and handle extremely sensitive personally identifiable information (PII), and as a result typically have higher security budgets when compared to other industries.
Within the Bitsight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.
Last Thursday, Bitsight announced the closing of our Series D Round of funding. Not only is this important for our company, it is also extremely significant for the security and risk market as a whole.
Recently, Verizon announced the Verizon Risk Report (VRR), a new managed service offering that provides a security assessment framework to enable customers to gain a comprehensive view of their cyber risk. By combining external cybersecurity ratings, internal analysis, and culture and process assessments, Verizon is able to provide customers with a holistic profile of security performance and current posture, enabling customers to prioritize security investment and mitigate risks.
The launch
Last week, Bitsight released our new Security Rating Snapshot report.
At a recent Bitsight Roadshow, a customer with an advanced third party risk management program declared “assessments are not risk reduction.” The statement was not meant to convey that assessments are useless for third party risk; rather, that assessments themselves don’t inherently drive risk down.