Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Bitsight and Google collaborate to reveal global cybersecurity performance
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
This October, Bitsight celebrated another very important milestone as the leader and pioneer of the security ratings market: now, Bitsight has high-quality, historical data on over 110,000 global organizations at users’ fingertips.
This August, Bitsight announced the release of several new risk vectors specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. Bitsight chose those new risk vectors to enhance the insights across the “spectrum of risk” and provide a more comprehensive picture of an organization’s security posture.
An increasing number of security and risk management executives are being asked to present to the Board of Directors on the state of their — and their third parties’ — security and risk programs. A recent joint survey by Veracode and NYSE found that nearly 80% of directors said that cybersecurity topics are discussed at nearly every board meeting.
Reducing cyber risk that stems from third and fourth party vendors is no easy task. It requires that organizations not only have the ability to continuously monitor and identify new risk, but also the ability to work with their vendors to fix security issues quickly. Getting to risk reduction quickly means that both organizations are communicating effectively, using data and evidence rather than conjecture to make progress.
When it comes to vendor risk management, organizations ultimately need their vendors to meet the same standard of security performance they hold for their own organization. For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. However, are vendors in the Finance supply chain meeting the same level of security performance held by Finance organizations?
In today’s market, an increasing number of security and risk management executives are being asked to present to the Board of Directors on the state of their — and their third parties’ — security and risk programs. Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a board-level initiative to mitigate brand and reputation risk. Bitsight understands that making an organization’s cybersecurity posture accessible to C-level executives and the Board of Directors is becoming more of a requirement within the business; we’ve added capabilities within Bitsight Security Ratings that arm security and risk management executives with actionable metrics that they can share with the Board of Directors.
A key factor in the widespread reach of the WannaCry ransomware attack earlier this year was that, prior to the attack, companies across hundreds of countries failed to apply a critical update (MS17-010) from Microsoft. This attack, along with the more recent NotPetya attack, has highlighted the prevalence and the risk of outdated software on corporate networks.
In the security ratings market, some offerings claim that a staggering percentage of the data they leverage is proprietary, and downplay the value of externally sourced data. While these companies may state that (close to) 100% of their data collection on IP maps, DNS records, event data and more is proprietary, there are several reasons why this is problematic. Let’s break down the myths surrounding this issue one at a time.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as Team Lead, his experience, and more.
Within the Bitsight Security Ratings platform, we analyze risk vectors specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. Over the past few months, Bitsight has added new risk vectors to enhance the insights across the “spectrum of risk” and provide a more comprehensive picture of an organization’s security posture. These risk vectors will not be factored into our rating calculation until we update and expand the rating algorithm once every year. However, they still provide extremely valuable information to Bitsight users. As new threats emerge, Bitsight understands the important role that these threats play in the security ratings industry. This is why we continuously add to our list of risk vectors — it is critical that security ratings services are dynamic in nature and able to incorporate the identification of these risks into their service.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as an engineering director, his experience, and more.
Here @Bitsight, we are committed to our mission to transform the understanding of cyber risk through the usage of Security Ratings. It’s pretty serious stuff and involves lots of inspiration and even more perspiration. BUT we are not just about work. It’s important to us to have balance — to be involved in the local community and also to have plenty of fun.
Bitsight recently completed a reorganization of a large part of our Single Page Application (SPA) code. Our goal was to make our codebase more scalable and developer-friendly by adding a few simple rules for where different parts of the application should live. In this article, I’ll describe what we left the same, what we changed, and how we did this while continuing to ship features on time.
There are many details of yesterday’s ransomware attack are still being worked out, and its impact is still being assessed. Yet, there are many security diligence steps organizations can take to reduce exposure to these types of attacks. Below are best practices security and risk teams should be aware of, and implications for organizations who fall behind.
In today’s day and age, organizations understand that data breaches are a growing problem, but many fail to realize that a third party breach can impact them as much as a breach on their own network. Here we’ll examine several misconceptions surrounding vendor risk management (VRM), and how you can proactively create a strategy to avoid common pitfalls.