BitSight Insights: Powerhouses and Benchwarmers

Posted by Tom Turner

Aug 21, 2014 8:30:00 AM

Assessing the Cyber Risk of Collegiate Athletic Conferences

It is no secret that America's colleges and universities hold a wealth of personal and sensitive information that is frequently targeted by cybercriminals, as evidenced by some public data breaches in the past year affecting major universities. Today we at BitSight published our quarterly BitSight Insights report that analyzes the security performance of higher education insitutions in America.  We conducted a thorough analysis of the largest and most prestigious collegiate athletic conferences in the nation: the ACC, SEC, Pac 12, Big 10, Big 12 and Ivy League. The member schools of these athletic conferences are large to medium sized universities that give a strong representative sample of the higher education industry in the United States, encompassing a student population of 2.25 million and a network space of more than 11 million IP addresses.


Topics: BitSight Insights

Why are America's colleges a prime target for cyber criminals?

Posted by Ben Fagan

Aug 19, 2014 10:12:00 AM

179292405The last couple of years have been tough on higher education systems in terms of cyber security. In 2012, in particular, there was a near-record-high number of data breaches, with nearly two million exposed records reported. The following year saw Maricopa Community College in Arizona experience a data breach that affected 2.4 million people. In 2014, there have already been several high-profile .EDU data breaches. In our latest BitSight Insights report, we found that many universities are struggling to secure their networks due to unique IT infrastructure requirements and persistent security problems. 


Topics: Security Risk Management

Performance Measurement and the Cyber Security Mindshift

Posted by Melissa Stevens

Aug 12, 2014 9:00:00 AM

Measuring Security PerformanceThe other day, I received yet another email asking, "How much cyber security is enough?" You probably recognize this message, and see similar phrases on a regular basis. It's a really interesting question and something that a lot of people ponder, but more importantly, I think it signifies an important mind-shift that is starting to occur in the security space. We're starting to wonder, "When will it be enough? When will I be able to say I'm secure?"  The quantification of security performance is now a reality.


Topics: Benchmarking, Security Performance, Security in the Board Room

How can the SEC become the primary regulator of corporate cyber security?

Posted by Ben Fagan

Aug 6, 2014 9:00:00 AM

479235277In 2011, the SEC issued a set of disclosure guidelines that told companies to disclose any potential cyber risk, possible effects of that risk, as well as the status of internal controls and risk management procedures in place. It was a grand idea, one that had the potential to protect investors and boards by keeping them in the loop when it came to matters of security. Unfortunately, its grand potential wasn’t brought to fruition. The guidance was never updated to account for the growing frequency of security breaches, and companies were failing to report cyber incidents. Now, the SEC is revisiting the issue and considering turning those guidelines into standards so that companies will have to live up to the level of transparency their investors have come to expect.


Topics: Industry Regulation, Breach Regulation

Months After Target Breach, Retailers Still Leaving Data at Risk

Posted by Stephen Boyer

Jul 29, 2014 9:00:00 AM

On July 21, 2014, Brian Krebs (once again) broke the news of a potentially major retail breach. Goodwill Industries and its 165 independent agencies across North America appear to be the most recent victims in the seemingly plagued retail industry.


Topics: Retail, Security Performance

Putting Preparedness in Context: Comparing Your Security Performance to Other Companies in Your Industry

Posted by Melissa Stevens

Jul 23, 2014 9:00:00 AM

BitSightiPadDavid Burg, Principal at PriceWaterhouseCoopers, said recently that businesses are moving beyond mere compliance when assessing their security postures. Today’s companies now view outstanding security performance to be a major competitive advantage. How does your company stack up to others in the industry? Benchmarks let you know whether you’re getting the most for your security investment and whether your performance is keeping you at the top of your game.


Topics: Benchmarking

The SEC emerges as a vocal proponent of cyber security

Posted by Ben Fagan

Jul 17, 2014 10:00:00 AM

US-SecuritiesAndExchangeCommission-SealProposed cyber security legislation, notably bills relating to a federal data breach notification standard, has been slow moving in the halls of Congress. While measurable progress has been made on some legislative pushes -- recently evidenced by the Senate Intelligence Committee’s passage of Sen Dianne Feinstein’s cyber threat information sharing bill -- it would be a stretch to say that lawmakers are currently influencing how private industry addresses this issue.

Yet the slow pace of legislation does not mean that Washington has kept quiet about the importance of IT security in today’s business environment. The SEC (Securities & Exchange Commission) has been increasingly vocal about the importance of corporate cyber security. Last month, SEC Commissioner Luis Aguilar called on corporate boards to take steps to include cyber issues in overall risk management decisions made at the board level. This guidance echoes last year’s alert, issued by the SEC’s Office of Compliance Inspections & Examinations, which outlined policies and procedures that companies should adopt to be in compliance.


Topics: Transparency, Industry Regulation, Breach Regulation

Utilizing Security Ratings for Enterprise IT Risk Mitigation

Posted by Ben Fagan

Jul 9, 2014 10:40:00 AM

BitSightiPadBusinesses need to adapt to a constantly changing risk landscape to address increasingly dangerous cyber threats. Recent ESG analysis shows that 49% of enterprise organizations suffered from a successful malware attack in the past 24 months. So what do businesses need to address these challenges to security? Actionable, objective and continuous intelligence into security risk across their ecosystem.


Topics: BitSight, Security Ratings

Boards Struggle With Measuring Security Performance - Are Security Ratings the Answer?

Posted by Melissa Stevens

Jul 2, 2014 8:00:00 AM

chair-in-the-boardroomOver the past few weeks, there have been several discussions on the presence of cyber security in the board room, and the challenges boards are facing when it comes to mitgating security risk.  


Topics: Security in the Board Room

Data Driven Security Podcast: Measurement & Security Performance

Posted by Melissa Stevens

Jun 26, 2014 9:00:00 AM

dds-header-imageOn June 22, 2014, BitSight CTO and Cofounder Stephen Boyer (@SWBoyer) joined Bob Rudis (@hrbrmstr) and Jay Jacobs (@jayjacobs) on their Data Driven Security Podcast series.  This conversation was long in the works, and something we were really excited to be a part of. 


Topics: Big Data, Benchmarking