Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Bitsight and Google collaborate to reveal global cybersecurity performance
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
In a world where business is increasingly conducted on mobile devices, it is imperative that organizations offer mobile applications to serve their customer base. In fact, for many businesses, mobile applications are one of the primary channels used to interact with customers and to sell products and services.
The holiday season is upon us, with consumers hastily laying travel plans between time spent browsing for gifts for loved ones. During this season, a few also remember that major retail breaches have long-lasting and far-reaching effects with settlements dragging into the years and occasionally costing companies up to billions of dollars.
In today’s business world, the desire to transact in the digital realm is dramatically accelerating and, unfortunately, so is the cyber risk that one takes on as a result. Organizations that handle sensitive data are more likely to become the targets of hackers who are looking to exploit this information stored within their network. Businesses now find themselves exposed to a growing “Cyber Risk Gap.” This gap is the outcome of the combined impact of the following:
If you’re involved in a healthcare-based organization, you’ve likely noticed the push for stronger vendor security and vendor risk management (VRM) practices. There are a few reasons for this.
After the initial analysis of the WannaCry ransomware attacks, our Research & Development team put together a global assessment of the impacts and repair process needed for affected systems to recover.
In recent weeks, the security news has been dominated by announcements of data breaches resulting from Point of Sale (PoS) malware present on payment processing terminals. All 350 North American Eddie Bauer retail locations and 20 properties managed by HEI Hotels were affected while 3.7 million customer payment cards were compromised at cafes available at Banner Health facilities. Understanding how PoS malware campaigns work and the specific information targeted by attackers educates consumers about the danger that might be lurking on card readers at their local retailer. Increased awareness and adoption of secure payment solutions will increase overall security and reduce the costs and headaches attendant to fraud.
There have been a number of large security breaches in healthcare over recent years. Indeed, 89% of healthcare organizations have experienced a data breach in the past three years, and more than 32 million people had their protected health information (PHI) breached in 2019.
Right now, the UK is in political turmoil, which makes any long-term cyber security predictions difficult. But it is possible to make statements about cybersecurity in the short term.
A new security vulnerability in an older version of TLS / SSL was announced this week and has been named “DROWN” by its authors (Decrypting RSA with Obsolete and Weakened eNcryption). It’s estimated to affect up to 11 million servers using the TLS / SSL protocol, from websites to e-mail servers. This unique attack allows a third-party who has intercepted encrypted traffic between a client and an unaffected server, such as one only supporting TLSv1.1 and TLSv1.2, to use another server that is using the same RSA private / public key-pair to act as an oracle to decrypt the intercepted traffic. This leads to a larger attack surface than would normally be exposed if the vulnerability were isolated to a single host since it allows an adversary to perform a “cross-protocol” attack by taking advantage of servers sharing the same TLS / SSL certificates.
Bitsight’s Third Annual Bitsight Insights Industry Benchmarking Report looked at some of the major SSL vulnerabilities affecting organizations, including Heartbleed, POODLE and FREAK. Bitsight’s analysis found that a sizeable number of companies across all industries were still running services that were vulnerable to these flaws. As mentioned in our report, businesses can leverage this information as a measure to ensure that proper controls are being met internally. In addition, companies can gain insight into the performance of their key third party vendors when it comes to ensuring that they aren’t running vulnerable services.
Every year, companies spend billions of dollars on mergers and acquisitions. (The value of worldwide M&A deals in 2014 totaled $3.5 trillion.) Managing risk throughout the process is an important element of any merger, but there's one area of risk management that hasn't had the attention it deserves.
Many of the facts surrounding the Target breach still remain unclear, even as details continue to emerge publicly. We still don’t know what the final tally of breached organizations will be, but the list keeps growing. In addition to who else has been breached and the impact on their customers, another factor we need to consider is how Target's business partners may be impacted. In a data breach on any retailer, card issuers, payment processors, insurers, suppliers and other parties may face substantial loss as the investigation and recovery costs ripple through these networks.
In light of the recent news of retailers being attacked late last year, we at Bitsight looked into our security ratings (an external measure of a company’s security posture) to gain some insight into these attacks.