Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Bitsight and Google collaborate to reveal global cybersecurity performance
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
October was Cybersecurity Awareness Month, which gave companies the opportunity to thoroughly examine their security and risk programs and identify where they can strengthen security practices. A Bitsight, we talk about risk management every day. We sat down with our Co-Founder & CTO, Stephen Boyer, to talk about the significance of having a risk-aware organization and proactive ways security ratings can help with risk management.
Banks and other financial institutions are a proving ground for new risk management methods. High risk and intense regulations feed into a culture of serious, comprehensive security — a culture that has manifested in mature methodologies such as the three lines of defense.
The retail industry has always been a favorite target of cyber criminals. We all remember major data breaches like those that affected Target, TJX, and Home Depot — but the truth is that retail security threats have been a daily concern of retailers for a long time.
In a 2017 survey of almost 1,300 CEOs conducted by PwC, 63% of respondents said they were “extremely concerned” about cyber threats — up from just 8% in 2013.
Over the last several years, cybersecurity regulations (like NYDFS and GDPR) have placed pressure on the financial services industry to build and enforce some of the strongest risk management programs across any industry. These programs focus not only on internal security performance, but also on managing third party risk. Financial service organizations are both highly regulated and handle extremely sensitive personally identifiable information (PII), and as a result typically have higher security budgets when compared to other industries.
With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on.The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered. With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly. Here are a few historically overlooked risk factors that deserve some additional attention:
Within the Bitsight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.
CISOs and other security leaders need buy-in from the Board and executive team in order to run effective cybersecurity programs. This requires communicating data about threats and cybersecurity performance in ways that are easy to understand.As a result, cybersecurity visualization is becoming more important than ever. In a field that's as interesting and exciting — and comes with such high stakes — as cybersecurity, you can’t allow knowledge gaps and technical complexity to obscure your message.With high-profile data breaches on everyone’s minds, the Board is becoming more and more involved in cybersecurity decisions. In fact, 45% of board members say they actively participate in setting the security budget at their company. For CISOs, getting the sign-off on necessary IT projects, purchases, and partnerships often involves making impactful arguments to Board members who might not have IT backgrounds. So, what cybersecurity visualization techniques can you use to gain executive buy-in?
In a world where business is increasingly conducted on mobile devices, it is imperative that organizations offer mobile applications to serve their customer base. In fact, for many businesses, mobile applications are one of the primary channels used to interact with customers and to sell products and services.
An effective third party cyber risk management program both identifies potential threats and finds ways to mitigate them. Organizations should aspire to the highest possible standards when it comes to their security posture. To do so, they must leverage the best technology, efficiently allocate resources, and strive for continual improvement.
The holiday season is upon us, with consumers hastily laying travel plans between time spent browsing for gifts for loved ones. During this season, a few also remember that major retail breaches have long-lasting and far-reaching effects with settlements dragging into the years and occasionally costing companies up to billions of dollars.
In today’s business world, the desire to transact in the digital realm is dramatically accelerating and, unfortunately, so is the cyber risk that one takes on as a result. Organizations that handle sensitive data are more likely to become the targets of hackers who are looking to exploit this information stored within their network. Businesses now find themselves exposed to a growing “Cyber Risk Gap.” This gap is the outcome of the combined impact of the following:
If you’re involved in a healthcare-based organization, you’ve likely noticed the push for stronger vendor security and vendor risk management (VRM) practices. There are a few reasons for this.
Following an increase in ransomware cyber attacks, most notably May 2017’s WannaCry attack, U.S. public sector entities are starting to see the effects of these attacks on the almost $4 trillion municipal debt market. As a result, issuers are now starting to consider the cybersecurity posture of borrowers at the town, city, and local levels when they apply for bonds.
Stress and worry are emotions that are often linked with the period between the beginning of a new year and mid-April, the federal tax filing deadline. Modern technology has brought with it techniques and applications that reduce this burden by making it easier for consumers to prepare a tax return. Unfortunately the age of e-filing has come with increased risk of tax fraud due to cybercrime. According to IRS statistics, investigations, prosecutions, and convictions for tax crimes, including those involving identity theft, have been on the decline over the last three years.