Tag: BitSight Security Ratings Blog

This article has been indexed from BitSight Security Ratings Blog Data breaches that originate through third parties are more commonplace than organizations are used to. The SolarWinds hack and Kaseya ransomware attack are two recent examples of threat actors exploiting…

Read more →

This article has been indexed from BitSight Security Ratings Blog You can’t reduce the cyber risks faced by your organization if you don’t know what you’re up against. That’s the purpose of a vulnerability probe. A vulnerability probe uses scanning…

Read more →

This article has been indexed from BitSight Security Ratings Blog The last two years have introduced new challenges to organizations across the globe — from managing business operations through an ongoing pandemic; to a rapid-fire pivot to a digital mode…

Read more →

This article has been indexed from BitSight Security Ratings Blog There are many ways that a bad actor can infiltrate your IT infrastructure and begin sifting through your data. These vulnerable entry points are known as risk vectors and include…

Read more →

This article has been indexed from BitSight Security Ratings Blog You’ve worked hard all year to prioritize your organization’s resources to tackle the riskiest vulnerabilities in your cybersecurity program. But when you bring your progress to the board of directors,…

Read more →

This article has been indexed from BitSight Security Ratings Blog Work from home practices introduce significant cyber risk to any organization. Worryingly, BitSight research discovered that remote office networks are 7.5 times more likely to have at least five distinct…

Read more →

This article has been indexed from BitSight Security Ratings Blog Recent BitSight research shows that 75% of retail businesses may be at increased risk of ransomware attacks as indicated by poor TLS/SSL configuration management. With the holiday shopping season upon…

Read more →

This article has been indexed from BitSight Security Ratings Blog Recent BitSight research shows that 75% of retail businesses may be at increased risk of ransomware attacks as indicated by poor TLS/SSL configuration management. With the holiday shopping season upon…

Read more →

This article has been indexed from BitSight Security Ratings Blog Taking back control of your network in light of hackers’ growing sophistication can be time-consuming. Even well-established organizations with money to spend on solid cybersecurity programs are still falling victim…

Read more →

This article has been indexed from BitSight Security Ratings Blog We are excited to announce the availability of the Moody’s Investor Services 2022 Cyber Risk Outlook. The report, which leverages data provided by BitSight, outlines factors shaping the landscape for…

Read more →

This article has been indexed from BitSight Security Ratings Blog Investments in digital initiatives are essential to success. But, according to Accenture, 79% of organizations are adopting new and emerging technologies faster than they can address security issues. The finding…

Read more →

This article has been indexed from BitSight Security Ratings Blog As cyberattacks surge, you’re charged with protecting your organization’s expanding digital footprint. But what about the risk posed by vendors? It’s estimated that 60% of organizations now work with more…

Read more →

This article has been indexed from BitSight Security Ratings Blog As cyber threats evolve and business models change, maintaining a mature cybersecurity program can be challenging. You need to be confident that your organization’s current security tools and techniques are…

Read more →

This article has been indexed from BitSight Security Ratings Blog Gaps in security controls can be hard to detect. Misconfigured software, open ports, and unpatched systems all expose your organization to cyber risk. They also negatively impact your BitSight Security…

Read more →

This article has been indexed from BitSight Security Ratings Blog Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to drive urgent and prioritized remediation of vulnerabilities that…

Read more →

This article has been indexed from BitSight Security Ratings Blog Guest blogger Marc Saltzman is a freelance journalist and technology expert, who’s work can be found here. You’re tasked with onboarding a new business vendor and need to assess the…

Read more →

This article has been indexed from BitSight Security Ratings Blog If your organization is entering into a relationship with a vendor or partner, due diligence is key to mitigating third-party risk. Due diligence allows risk management and compliance teams to…

Read more →

This article has been indexed from BitSight Security Ratings Blog We are excited to announce a new research partnership with the Cambridge Centre for Risk Studies (CCRS). Our joint research will analyze the relationship between organizational cybersecurity investments and risk…

Read more →

This article has been indexed from BitSight Security Ratings Blog Network security monitoring tools are a critical component of any IT security toolkit. These resources monitor and manage your network for cyber risk by scanning your organization’s digital assets for…

Read more →

This article has been indexed from BitSight Security Ratings Blog BitSight is committed to creating trustworthy, data-driven, and actionable measurements of organizational cybersecurity performance. As part of this commitment, BitSight periodically makes improvements to our ratings algorithm. These updates often…

Read more →

This article has been indexed from BitSight Security Ratings Blog To serve your customers and realize efficiencies, your organization may work with dozens if not hundreds of third parties including partners, vendors, cloud service providers, and subcontractors.  But digital ties…

Read more →

This article has been indexed from BitSight Security Ratings Blog Hospitals, doctors’ networks, insurance companies, and other healthcare organizations are guardians of valuable protected health information (PHI). As such they are particularly vulnerable to cyber attacks – and these threats…

Read more →

This article has been indexed from BitSight Security Ratings Blog Hospitals are under cyber attack. Are they able to defend themselves? A new study published in the Journal of the American Medical Informatics Association (JAMIA) provides brand new perspectives on…

Read more →

This article has been indexed from BitSight Security Ratings Blog Hospitals are under cyber attack. Are they able to defend themselves? A new study published in the Journal of the American Medical Informatics Association (JAMIA) provides brand new perspectives on…

Read more →

This article has been indexed from BitSight Security Ratings Blog The financial services sector is one of the highest performing in terms of cybersecurity. One factor that contributes to this performance is regulation. Laws such as FFIEC IT, the Gramm-Leach-Bliley…

Read more →

This article has been indexed from BitSight Security Ratings Blog Facebook and the apps under its umbrella, including Instagram and WhatsApp, were inaccessible for hours on Monday. The outage hamstrung the communications of billions of people, businesses, and other organizations.…

Read more →

This article has been indexed from BitSight Security Ratings Blog Network security threats are constantly evolving, and right now we’re in the middle of a particularly challenging time. While big-name breaches like SolarWinds and others grab headlines, multitudes of smaller…

Read more →

This article has been indexed from BitSight Security Ratings Blog These days, we often hear the word “quarantine” in everyday conversations–but quarantining takes on a different meaning when it comes to protecting your network.  Often, when we discuss quarantining from…

Read more →

This article has been indexed from BitSight Security Ratings Blog These days, we often hear the word “quarantine” in everyday conversations–but quarantining takes on a different meaning when it comes to protecting your network.  Often, when we discuss quarantining from…

Read more →

This article has been indexed from BitSight Security Ratings Blog Cybersecurity is a critical risk that can materially impact a company’s bottom line. Unfortunately, investors are largely in the dark when it comes to understanding the cybersecurity of the companies…

Read more →

This article has been indexed from BitSight Security Ratings Blog Recent BitSight research shows that 76% of healthcare organizations may be at increased risk of ransomware attacks due to poor TLS/SSL configuration management. TLS/SSL certificate and configuration management presents a…

Read more →

This article has been indexed from BitSight Security Ratings Blog Today’s opportunistic hackers are seasoned professionals who are getting more adept at exploiting your organization’s digital attack surface. To do this they employ a variety of attack vectors. Read the…

Read more →

This article has been indexed from BitSight Security Ratings Blog To protect your organization against cyber security risks, it’s important to have a cyber risk management program in place. But does your organization’s program take into consideration its entire attack…

Read more →

This article has been indexed from BitSight Security Ratings Blog Recent BitSight research shows healthcare organizations that display poor patching cadence can be up to 7x more likely to experience ransomware.  Ransomware attacks on Scripps Health in San Diego, Ireland’s…

Read more →

This article has been indexed from BitSight Security Ratings Blog Cyber risk management should be a priority for any organization. And while there are many measures your business can take to reduce cybersecurity risk across the enterprise, how do you…

Read more →

This article has been indexed from BitSight Security Ratings Blog A single unauthorized device being used on your network. An unsanctioned application someone’s accessing from their non-secure home PC. A small vendor with a seemingly insignificant vulnerability.  All of these…

Read more →

This article has been indexed from BitSight Security Ratings Blog Ransomware is rapidly becoming the most common form of cyberattack. According to the Verizon 2021 Data Breach Investigations Report, ransomware incidents have doubled year-over-year with headline-grabbing consequences.  Read the original…

Read more →

This article has been indexed from BitSight Security Ratings Blog In early September, a threat actor leaked nearly 500,000 Fortinet VPN login names and passwords that were allegedly scraped from vulnerable devices last summer. The leaked credentials could allow hackers…

Read more →

This article has been indexed from BitSight Security Ratings Blog In early September, a threat actor leaked nearly 500,000 Fortinet VPN login names and passwords that were allegedly scraped from vulnerable devices last summer. The leaked credentials could allow hackers…

Read more →

This article has been indexed from BitSight Security Ratings Blog Cybersecurity is one of the biggest threats to global commerce in the 21st century. By providing data-driven insights into cybersecurity, we can empower the marketplace to make better, risk-informed decisions…

Read more →

This article has been indexed from BitSight Security Ratings Blog With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management…

Read more →

This article has been indexed from BitSight Security Ratings Blog It’s a question more people are asking with each passing day: How do I know if I am at risk for a ransomware attack?Unfortunately, the fact that so many are…

Read more →

This article has been indexed from BitSight Security Ratings Blog Credit unions must be on high alert for cyberattacks. That’s according to a recent warning issued by the National Credit Union Administration (NCUA), who cautioned the industry of potential avenues…

Read more →

This article has been indexed from BitSight Security Ratings Blog The red lights are flashing everywhere. News stories are warning about a sharp rise in ransomware attacks, a 2000X fold increase in cybersecurity breaches, and more cyber-related doomsday scenarios. Meanwhile,…

Read more →

This article has been indexed from BitSight Security Ratings Blog The red lights are flashing everywhere. News stories are warning about a sharp rise in ransomware attacks, a 2000X fold increase in cybersecurity breaches, and more cyber-related doomsday scenarios. Meanwhile,…

Read more →

This article has been indexed from BitSight Security Ratings Blog Imagine you’ve alerted your IT team to a critical infrastructure error plaguing your network. You ask them to drop their current work and focus on immediate remediation of this detected…

Read more →

This article has been indexed from BitSight Security Ratings Blog With cyberattacks on the rise, security investments are more important than ever. Still, the pandemic has forced many organizations to reconsider how they allocate their IT dollars. Between the new…

Read more →

This article has been indexed from BitSight Security Ratings Blog Recent events have made cybersecurity a top concern among C-suite executives. The SolarWinds breach, Capital One incident, and Colonial Pipeline attack are just a few of the noteworthy events that…

Read more →

This article has been indexed from BitSight Security Ratings Blog From sensors on the factory floor to those that guide autonomous vehicles, the Internet of Things (IoT) is transforming how we live and work. Over the coming years, IoT will…

Read more →

This article has been indexed from BitSight Security Ratings Blog The recent rise in ransomware attacks and business-halting data breaches has made it clear that your organization must prioritize cyber security performance. But ad hoc security controls and defensive measures…

Read more →

This article has been indexed from BitSight Security Ratings Blog The recent rise in ransomware attacks and business-halting data breaches has made it clear that your organization must prioritize cyber security performance. But ad hoc security controls and defensive measures…

Read more →

This article has been indexed from BitSight Security Ratings Blog If your organization is like many others, its cyber exposure continues to grow over time. During the pandemic, as attackers sought to exploit unprecedented changes in work environments, 35% of…

Read more →

This article has been indexed from BitSight Security Ratings Blog If your organization is like many others, its cyber exposure continues to grow over time. During the pandemic, as attackers sought to exploit unprecedented changes in work environments, 35% of…

Read more →

This article has been indexed from BitSight Security Ratings Blog Cybersecurity incidents are on the rise, and the monetary setbacks for victims are considerable. The average cost of a data breach in the U.S. has soared to nearly $8.6 million,…

Read more →

This article has been indexed from BitSight Security Ratings Blog Cybersecurity incidents are on the rise, and the monetary setbacks for victims are considerable. The average cost of a data breach in the U.S. has soared to nearly $8.6 million,…

Read more →

This article has been indexed from BitSight Security Ratings Blog Your supply chain is more critical now than ever. Vendors and third parties are essential to helping your organization scale to meet demand, gain access to greater resources, respond to…

Read more →

This article has been indexed from BitSight Security Ratings Blog Your supply chain is more critical now than ever. Vendors and third parties are essential to helping your organization scale to meet demand, gain access to greater resources, respond to…

Read more →

This article has been indexed from BitSight Security Ratings Blog It happened again – another disruptive ransomware attack. On July 2, 2021 Kaseya, a Florida-based software provider that provides Remote Management Monitoring, warned of its software being abused to deploy…

Read more →

This article has been indexed from BitSight Security Ratings Blog Cybersecurity readiness is the ability to identify, prevent, and respond to cyber threats. Yet despite the daily headlines and warnings, organizations struggle to achieve cybersecurity readiness. Just look at the…

Read more →

This article has been indexed from BitSight Security Ratings Blog If you operate in specific sectors, cybersecurity maturity is more than a best practice, it’s a regulatory requirement. These regulations are complex and constantly changing. To help you better understand…

Read more →

This article has been indexed from BitSight Security Ratings Blog If you operate in specific sectors, cybersecurity maturity is more than a best practice, it’s a regulatory requirement. These regulations are complex and constantly changing. To help you better understand…

Read more →

This article has been indexed from BitSight Security Ratings Blog As cyber security threats proliferate, cyber risk conversations are no longer limited to the Security Operations Center (SOC); they command the attention of the C-suite and the boardroom. Read the…

Read more →

This article has been indexed from BitSight Security Ratings Blog BitSight, the Standard in Security Ratings, has established itself as not only a clear leader in security ratings but now also in the burgeoning field of data privacy. Read the…

Read more →

This article has been indexed from BitSight Security Ratings Blog The European Union (EU) will soon launch a new regulation that will require banks and firms in the global financial industry to mature their third-party risk management programs to include…

Read more →

This article has been indexed from BitSight Security Ratings Blog For the first time, cloud security breaches and incidents are more commonplace than on-premises attacks. According to the 2021 Verizon Data Breach Investigations Report (DBIR), in 2020, 73% of cyberattacks…

Read more →

This article has been indexed from BitSight Security Ratings Blog We all know threat detection is important, but what exactly is it, and why is it so hard to do effectively? In light of recent cyber attacks on U.S. infrastructure…

Read more →

This article has been indexed from BitSight Security Ratings Blog Software supply chain attacks have become increasingly prevalent over the last couple of years. Noted as the first large-scale attack in recent months, the SolarWinds data breach wreaked havoc on…

Read more →

This article has been indexed from BitSight Security Ratings Blog As the digital transformation of enterprises continues to accelerate, cyber risk remains a top concern for business leaders. But cyber risk is often thought about in technical terms as opposed…

Read more →

This article has been indexed from BitSight Security Ratings Blog As the digital transformation of enterprises continues to accelerate, cyber risk remains a top concern for business leaders. But cyber risk is often thought about in technical terms as opposed…

Read more →

This article has been indexed from BitSight Security Ratings Blog Microsoft recently announced that the threat actor Nobelium continues to target government agencies, think tanks, consultants, and non-government organizations with cyber attacks.  Read the original article: Nobelium Attack Highlights Risk…

Read more →

This article has been indexed from BitSight Security Ratings Blog Spurred by the pandemic and a need for greater collaboration and business efficiency, cloud adoption is soaring. According to the Flexera 2021 State of the Cloud Report, spending on cloud…

Read more →

This article has been indexed from BitSight Security Ratings Blog Summary To gauge the impact of flawed pseudorandom number generators in network devices, BitSight scanned the public Internet for RSA public keys and was able to factor the public modulus…

Read more →

This article has been indexed from BitSight Security Ratings Blog The term “digital resilience” has gained momentum over the past few years as cybersecurity threats have grown, but what does it really mean? And how can a company become digitally…

Read more →

This article has been indexed from BitSight Security Ratings Blog BitSight research demonstrated some organizations are more than eight times as likely to become ransomware victims. Read the original article: Evidence-Based Strategies to Lower Your Risk of Becoming a Ransomware…

Read more →

This article has been indexed from BitSight Security Ratings Blog In the six months since the SolarWinds supply chain attack there has been increased action in the cybersecurity breach world – and the bad actors aren’t letting up. This means…

Read more →

This article has been indexed from BitSight Security Ratings Blog According to a Cybersecurity Ventures report, global cybercrime costs are expected to grow by 15% per year over the next five years — reaching $10.5 trillion USD annually by 2025.…

Read more →

This article has been indexed from BitSight Security Ratings Blog After last week’s catastrophic cyber incident targeting Colonial Pipeline, could more U.S. Oil and Energy companies be at risk of a ransomware attack?  Read the original article: Colonial Pipeline is…

Read more →

This article has been indexed from BitSight Security Ratings Blog In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 8, 2021. Overall, the EO starts to fill…

Read more →

This article has been indexed from BitSight Security Ratings Blog Vendors and third party partners are essential to helping your business grow and stay competitive. But outsourcing to third parties also dramatically increases your attack surface. A recent independent study…

Read more →

This article has been indexed from BitSight Security Ratings Blog Organizations rely on third-parties to keep competitive in the marketplace. The EY global third-party risk management survey highlights that in 2019–20, over 33% of the 246 global companies surveyed were…

Read more →

Security risk assessments are an important tool in your organization’s arsenal against cyber threats. They shine a spotlight on areas of risk in your digital ecosystem, inform and prioritize mitigation strategies, and ensure hard-earned resources are allocated where they’re needed…

Read more →

A couple of years ago, industry research firm Gartner introduced a new acronym—SOAR—into the cybersecurity nomenclature. SOAR stands for “security orchestration, automation, and response.” It’s not an individual tool, or even set of tools. Like ISO 27001, GDPR, FISMA, and…

Read more →

It’s hard to believe, but BitSight is celebrating our 10 year anniversary this week! I co-founded BitSight in 2011 with my friend and grad school classmate, Nagarjuna Venna. When I think back at our original idea of creating a global…

Read more →

Now more than ever before, it’s critical to build a strategic security performance management program in which you take a risk-based, outcome-driven approach to measuring, monitoring, managing, and reporting on your organization’s cybersecurity program performance over time. Of course, in…

Read more →

Read the original article: 4 Best Practices for Attack Surface Management Accelerated by the pandemic, digital ecosystems are expanding. New ways of working remotely, and the rapid adoption of cloud technologies have increased the number of digital touch-points that employees…

Read more →

Read the original article: Improve Your Cyber Risk Monitoring Tools Whether your organization is just beginning to develop your security performance management systems, or you already have a mature and established program in place, there is always room to innovate…

Read more →

Read the original article: 5 Best Practices for Conducting Cyber Security Assessments Third parties are essential to helping your business grow and stay competitive. But if you’re not careful, your trusted partnerships can introduce unwanted cyber risk and overhead into…

Read more →

Read the original article: 5 Best Practices for Conducting Cyber Security Assessments Third parties are essential to helping your business grow and stay competitive. But if you’re not careful, your trusted partnerships can introduce unwanted cyber risk and overhead into…

Read more →

Read the original article: Cybersecurity Controls Every Organization Needs in 2021 The cybersecurity controls used to manage an organization’s cybersecurity program in previous years will not work against bad actors targeting networks today. Organizations rely more on cloud computing technology,…

Read more →

Read the original article: Cybersecurity Models Explained Security risk managers often face a lot of the same roadblocks, even if they’re managing programs of different sizes or in different industries. Basing security practices on well-known, and sometimes government-regulated cybersecurity models…

Read more →

Read the original article: 5 Tips to Improve Cyber Security Monitoring of Your Vendors What’s the biggest struggle your vendor risk managers face when establishing cyber security monitoring processes? From sudden increases in the use of third-parties by your organization,…

Read more →

Read the original article: Cyber Risk Quantification Through the Lens of Financial Exposure There’s no question about it: Being exposed to cyber risk is an inevitable part of doing business in today’s world. In fact, a recent ESG study found…

Read more →

Read the original article: Cyber Risk Quantification Through the Lens of Financial Exposure There’s no question about it: Being exposed to cyber risk is an inevitable part of doing business in today’s world. In fact, a recent ESG study found…

Read more →

Read the original article: What We Can Learn About Backdoor Attacks From WordPress Millions of organizations world-wide rely on WordPress for website creation and management. In fact, currently there are over 75 million sites that use WordPress for their operations.…

Read more →

Read the original article: What’s Covered Under Cyber Risk Insurance It’s not hard to justify why you need property insurance when you’re surrounded by your physical goods that you don’t want to be lost or damaged in your home or…

Read more →

Read the original article: What’s Covered Under Cyber Risk Insurance It’s not hard to justify why you need property insurance when you’re surrounded by your physical goods that you don’t want to be lost or damaged in your home or…

Read more →

Read the original article: What’s Covered Under Data Breach Insurance It’s not hard to justify why you need property insurance when you’re surrounded by your physical goods that you don’t want to be lost or damaged in your home or…

Read more →

Read the original article: BitSight Observations Into Hafnium Part Four: Who Is Still Vulnerable? The unfolding Hafnium attack is the latest event in the trend of cyber events. CISO’s are starting to recognize that enterprise cyber security is being redefined…

Read more →

Read the original article: BitSight Observations Into Hafnium Part Four: Who Is Still Vulnerable? The unfolding Hafnium attack is the latest event in the trend of cyber events. CISO’s are starting to recognize that enterprise cyber security is being redefined…

Read more →

Read the original article: Common Cloud Service Providers Are Not Immune To Cyber Attacks Oftentimes, security managers fall into the trap of believing that a large or commonly used cloud services organization is safe to have connected to their network.…

Read more →