How You Can Avoid Becoming the Next Sony

Posted by Nick Gagalis

Dec 16, 2014 6:00:00 AM

As you've heard by now, Sony Pictures suffered a major breach in November, and is still feeling the consequences of it. The FBI warned that other companies could be attacked with similar malware, but that isn't the only reason you should care about this event in particular.


Topics: Security Risk Management, News, Critical Infrastructure, Security Performance

Cyber Security News Round-Up: More Legislation, Guidance for Banks

Posted by Melissa Stevens

Dec 15, 2014 12:11:00 PM

cyber security banking regulationsCyber security in the financial services industry was a hot topic last week.  Below is a round-up of big stories affecting banks and creditors.


Topics: News, OCC

BitSight Bits: Quantifying Security Performance

Posted by Nick Gagalis

Dec 10, 2014 6:00:00 AM

During last month's SANS webinar, Quantifying Security Performance: The What, Why and How of Security Ratings, BitSight CTO and Co-Founder Stephen Boyer answered questions from attendees. Here are some of the most interesting questions people posed, and our answers for each one. There are also two clips from the webinar recording.


Topics: Security Ratings, Benchmarking, Security Performance

Poodle is Back! TLS Targeted by New Vulnerability

Posted by Melissa Stevens

Dec 9, 2014 2:09:00 PM

Scan-for-BugsLast October the world was alerted to Poodle, a vulnerability on websites and servers running SSL 3.0. Acting as a "man in the middle," would-be attackers could compromise the secure connection between a browser and a website, and inject JavaScript that enabled them to view these communications, stealing unencrypted data and manipulating traffic flow. The apparent fix at the time was to upgrade from SSL 3.0 to TLS, but new research suggests this may not be the case.


Topics: News

BitSight Expands Breadth and Transparency of Security Ratings

Posted by Ben Fagan

Nov 25, 2014 8:04:00 AM

BitSight has released new capabilities and features in the BitSight Security Ratings portal to widen the data breadth offered to customers and give more detailed, granular performance analytics on specific risk vectors. These changes are available to all enterprise, team, and individual tier customers today.


Topics: BitSight, Security Ratings

Are Third Parties to Blame for Poor Security Performance in the Retail Industry?

Posted by Nick Gagalis

Nov 18, 2014 6:07:00 AM

Today, we released a new study on retail industry security performance — just in time for the holiday shopping season! Considering all of the retail breaches that occurred over the last 12 months, we wanted to find out if retailers had taken measures to make their data more secure.


Topics: Retail, Security Ratings, Third Party Data Breach, Security Performance

Advanced threats, increased regulations and board involvement: How credit unions can prepare for cyber risks

Posted by Zackary Loughlin

Nov 11, 2014 11:23:00 AM

creditunionblogCredit unions are facing increasing numbers of cyber attacks according to a survey for NAFCU’s October Economic & CU Monitor. This survey found that nearly 84% of respondents were operationally impacted by a local data breach within the last two years. While these effects may not garner the same headlines as large breaches affecting corporations such as Target and Home Depot, they have the opportunity be just as damaging for smaller financial institutions like credit unions. In addition, credit unions have the same sensitive information as other financial institutions, including credit and personal information. Credit unions are also facing daunting regulatory requirements, which at larger banks are often handled by entire risk and compliance teams. This increased threat landscape and regulatory pressures has, as we have noted before, elevated cyber risk issues to the board level.


Topics: Benchmarking

The Data Breach is Over... let the Phishing Begin!

Posted by Melissa Stevens

Nov 10, 2014 11:12:00 AM

phishingLast week it was revealed that more than 53 million email addresses were stolen as part of the Home Depot breach discovered last September. Combined with the 76 million email addresses stolen in the JPMC data breach in June, we're talking about more than 125 million email addresses available for cyber criminals to use in highly targeted email phishing scams.  

But are breach-wary consumers and businesses still paying attention to this news? Are they aware of the risks they still face even as the breach itself has been contained? 


Topics: News, Retail, Third Party Data Breach

What You Can Learn from the JPMorgan Breach

Posted by Nick Gagalis

Nov 6, 2014 10:09:00 AM

Ever since the JPMorgan Chase breach was made public, companies have been watching closely to see the aftermath, the bank's course of action, and any best practices that may be developed as a result.

In this post, I've highlighted some of the most notable details of the breach, explaining why they're important and why they matter even outside of the Financial Services industry.


Topics: News, Third Party Data Breach, Benchmarking

How CISOs can Earn a Seat in the Boardroom

Posted by Nick Gagalis

Oct 29, 2014 6:00:00 AM

It’s been a slow but sure evolution for the modern-day CISO. When the position made its debut in the corporate world, the CISO was a firefighter, constantly battling security issues as they arose. CISOs were usually hired only after a security threat affected a given company. They weren’t given access or authority, so it was hard to break out of the firefighter role.

The next step for CISOs was to become more strategic about their actions. (This is where a great opportunity lies for many companies today.) Instead of simply reacting to problems, CISOs at forward-thinking companies started predicting where future problems might arise and crafted their plans accordingly.


Topics: Security in the Board Room