Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
The Bitsight Badge enables an organization to prove their focus on security, increase transparency, and showcase the hard work they put into enhancing security performance.
Discover how Bitsight’s GPS vulnerability research can help your organization and third party managers reduce IoT device cyber risk.
Atlassian Confluence has been impacted by vulnerability CVE-2022-26134 allowing for ransomware deployment, data theft, & more. See Bitsight's findings & analysis.
In November 2021, a new version of the Emotet botnet emerged. How did this happen? What is the botnet doing today? And how can organizations avoid becoming victims? Get the answers and more.
As cyber attacks evolve and your attack surface increases, learn how you can protect your digital perimeter.
Cybersecurity is one of the biggest threats to global commerce in the 21st century.
With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management is greater than ever. When cyber risk is managed more effectively, you can focus on innovation and driving business growth.
As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on a day-to-day basis.
Following an increase in ransomware cyber attacks, most notably May 2017’s WannaCry attack, U.S. public sector entities are starting to see the effects of these attacks on the almost $4 trillion municipal debt market. As a result, issuers are now starting to consider the cybersecurity posture of borrowers at the town, city, and local levels when they apply for bonds.
This year marked another great Gartner Security & Risk Management Summit with over 3,000 attendees, bringing together CEOs, CIOs, CISOs, IT Directors, Risk Managers, and other risk and security professionals to National Harbor, MD from June 12-15. An underlying theme emerged from the numerous sessions I attended and the various conversations I had: all roads lead back to business value. Whether it’s a new vendor that a company is looking to onboard, or a cloud technology the organization is implementing, everything should tie back to a business decision.
Stress and worry are emotions that are often linked with the period between the beginning of a new year and mid-April, the federal tax filing deadline. Modern technology has brought with it techniques and applications that reduce this burden by making it easier for consumers to prepare a tax return. Unfortunately, the age of e-filing has come with increased risk of tax fraud due to cybercrime. According to IRS statistics, investigations, prosecutions, and convictions for tax crimes, including those involving identity theft, have been on the decline over the last three years.
On Thursday, February 23rd, Cloudflare announced a serious bug in its caching infrastructure that caused uninitialized memory to be printed on a number of its customers’ websites. This information included sensitive data such as passwords, cookies, tokens, and private messages. While Cloudflare believes the bug was limited to roughly a thousand websites, it caused sensitive data to be dumped from potentially any Cloudflare reverse proxy customer. Some observers have stated this issue has similarities with “Heartbleed” and have thus referred to it as “Cloudbleed.”
Over the past couple of weeks, a major issue has surfaced affecting numerous companies that use MongoDB to store their data. Those who install MongoDB on a server and use default settings are exposing their data to the internet and allowing anybody to browse the databases, download information, and erase them entirely. Many companies are unaware of the vulnerability and that their information may be exposed to hackers. Criminals are reacting quickly and opportunistically by stealing data, then asking for a ransom. To make matters worse, some criminals asking for a ransom don’t actually have the data, so when the ransom is paid, companies are still left without answers. In addition to MongoDB, it was reported that clusters of Elasticsearch, an enterprise search engine, have also been hit with ransomware.
Given the financial, reputational, and legal harm that can arise from cyber breaches, corporate shareholders and investors are increasingly concerned about the cybersecurity of the companies in their investment portfolio. How will investors begin to engage with companies on this issue?
Boards today have a vested interest in the cybersecurity posture of their companies. Because of this, board members are increasingly interested in being briefed on top cybersecurity threats and understanding the countermeasures that should be taken to avoid them.