Read news articles covering Bitsight, the leader in security ratings. We're proud to be featured in these leading business & technology publications, journals, blogs, and broadcasts.
In The News
Bitsight has announced the availability of a new study that evaluates how executives understand and effectively measure their cybersecurity performance and adequately communicate it to the board, senior executives, customers and critical stakeholders. The September 2019 commissioned study conducted by Forrester Consulting on behalf of Bitsight titled, Better Security And Business Outcomes With Security Performance Management, indicates that cybersecurity performance is critical to achieving commercial success. Among the study’s most interesting findings is that nearly two in five (38%) of enterprises admit they have lost business due to either a real or perceived lack of security performance within their organisation.
British firms are putting their livelihoods at risk by failing to ensure they are properly secure, new research has found. A study by Bitsight discovered that many companies have lost potential business due to failing to demonstrate they ensure their online safety.
It’s not just a handful of companies that are experiencing repercussions due to cybersecurity incidents. The reality is that cybersecurity is hitting the corporate bottom line for companies across the board. According to a recent study conducted by Forrester Consulting on behalf of Bitsight, nearly two in five (38%) of enterprises admit that they have lost business due to either a real or perceived lack of security performance within their organization. Nearly half of all executives surveyed in that same report admit that their ability to attract new customers was harmed following a security incident.
A sizeable 40 percent of CISOs have felt forced to use worst-case scenarios to gain the attention of decision makers, despite recognising the damaging side effects of a ‘Project Fear’ style approach rather than stating a precise business case, according to a new commissioned study by Forrester Consulting conducted on behalf of Bitsight. The report also found that companies are suffering from security data overload, with many firms having an average of nine different categories of security technologies in place.
Recent Bitsight research found that the average security performance rating across all federal agencies was at least 15 points higher than the mean security performance rating of any contractor sector. In other words, there is a significant security performance gap between federal agencies and their supply chain partners.
The time has come for agencies to prioritize this critical risk in their cybersecurity programs. There are steps agencies can take to more effectively measure, monitor and manage this challenge.
Bitsight Enterprise Analytics helps security and risk leaders quickly gain insight into the impact of risk introduced at the organizational group level – from subsidiaries to business units and departments – enabling them to identify the areas of highest risk concentration within their organizations.
The solution provides visibility into which groups have the biggest impact on their organizations' overall cyber risk posture and helps identify areas for security performance improvement.
Bitsight Enterprise Analytics takes the guesswork out of identifying risk concentration throughout and enhances security performance across distributed enterprise groups. The solution helps security and risk leaders simplify security programme monitoring, management and reporting by aligning risk management and communication with the existing business structure.
Bitsight reveals that, although initial patching efforts reached approximately 5,244 systems per day, the rate has decreased significantly in July. As of July 23, around 831 systems were being patched each day.
“Unfortunately, we might encounter a situation where the rate of patching tapers off leaving behind a legacy set of systems that remain vulnerable, perhaps unbeknownst to system operators,” Bitsight notes.
In a report published recently, cybersecurity firm Bitsight said it had seen over 788,000 systems that were still vulnerable to BlueKeep attacks as of July 23.
Bitsight Enterprise Analytics takes the guesswork out of identifying risk concentration throughout and enhances security performance across distributed enterprise groups. The solution helps security and risk leaders simplify security program monitoring, management and reporting by aligning risk management and communication with the existing business structure.
In 2016, security scanning and ratings firm Bitsight found that 13% of the higher-education sector had been infected with ransomware, the highest rate across all industries. Bitsight warned that the sharing mindset at schools and universities leads to more cybersecurity risk.
"Those in the education field naturally have an 'information-sharing' mentality, which lends to a high rate of peer-to-peer file sharing," the company stated in a blog post. "Universities and higher ed institutions encourage collaboration — but as a result, you often see students and faculty engaging in file-sharing activity on the school’s primary network."
Marc Light, vice president of data and research at risk management vendor Bitsight, agreed and said enterprises should take note of RDP vulnerabilities and patch them immediately. Bitsight released new research at Black Hat 2019 that showed the rate of patching for BlueKeep-vulnerable Windows systems has slowed recently, despite repeated warnings from both Microsoft and U.S. government agencies.
Bitsight is raising concerns over a potentiality "where the rate of patching tapers off leaving behind a legacy set of systems that remain vulnerable, perhaps unbeknownst to system operators."
Likewise, Bitsight has also identified BlueKeep risk by industry, finding that the Telecommunications industry has an outsized risk, with over one third of organizations having vulnerable systems. Education follows in second place at just over 5%, followed by Technology, Government, and Utilities.
The public websites of more than half of 1,550 utilities in the U.S. and other countries assessed by security ratings firm Bitsight use outdated software, according to a June report. This gives attackers an opening to companies’ systems, the report said.
Utilities are also wary about cyber threats targeting their supply chains. Many companies that do business with power suppliers have weaker cybersecurity safeguards than the utilities do, said Jake Olcott, Bitsight’s vice president for communications and government affairs.
Yet, while a catastrophic worm is the obvious threat, other, more subtle dangers exist as well, says Dan Dahlberg, director of security research at Bitsight.
"You think of the activities of the sorts of people trying to take advantage of this vulnerability for nefarious purposes — there are people who are less experienced, who would likely turn it into a worm," he says. "But there are other actors who might utilize this vulnerability in a much more stealthy manner, and that is going to be much harder to detect."
In early July, Bitsight found that some 800,000 computers still exhibited external signs of vulnerability to BlueKeep. About 5,000 systems are patched daily, Dahlberg says.