Welcome to the BitSight Risk Review. Listen as we discuss the latest cybersecurity trends and current events, and talk in more depth about the application of security ratings.
Education is often overlooked, but it is an industry with complex, vulnerable and critical security issues today. Thousands of unmanaged devices, private student records, transient or at-home uses, and sensitive research data create a prime target for hackers and malicious actors. Education CISOs arguably have one of the toughest jobs in security, balancing the need for security with facilitating the climate of open conversation and sharing that make universities what they are. In this episode we’re joined by Alex Campoe, Chief Information Security Officer of the University of South Florida, to discuss how one university is staying ahead of the curve when it comes to their security.
Healthcare is under attack. Healthcare organizations are prime targets for hackers due to the valuable protected health information (PHI) they store and the vital role they play in our nation’s critical infrastructure. Indeed, 89 percent of healthcare organizations have experienced a data breach in the past two years and the sector was the leading industry for cyberattacks and data breaches in 2018. In 2019, the trend looks to continue with six hospitals and healthcare systems reporting large-scale attacks in the month of July alone. However, what’s even scarier than losing the data is the human impact of these breaches. A breach triggers remediation expenses, regulatory inquiries, and litigation, which could disrupt and delay hospital services and lead to worse patient outcomes. In this episode, Marc Light (VP of Data & Research, BitSight) and Eric Johnson (Dean at Vanderbilt Owen Graduate School of Management) will be discussing research conducted on the impact data breaches have on patient care and just how vulnerable the healthcare industry still is to cyber threats today.
Disruptive risks represent one of the most pressing topics for corporate directors; on a global basis, we face disruptions in critical areas such as geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate change. While disruptive risks are of top concern for directors, their confidence in corporate risk management is alarmingly low. In this episode, James Lam (Independent Advisor and Risk Oversight Committee Chair), discusses the presence of disruptive risk in a business context from the Board’s perspective.
There is a growing awareness that third-party cyber risk must be managed to protect your organization’s reputation, intellectual property, data, and competitive advantage. Whether you have a few vendors or thousands, the task of knowing which vendors to manage and at what frequency can be overwhelming, especially as your business continues to grow and expand. In this episode, Kim Johnson (Senior Product Marketing Manager, BitSight) will be discussing how BitSight can mitigate the cyber risk stemming from an increasing supplier ecosystem, proactive tips to launch and grow your third-party risk management program, and research insights from BitSight’s newest report.
Today, security leaders are expected to report to their Board of Directors and executives on the performance of their organization’s cybersecurity program. To do this effectively, security leaders need a way to assess their relative performance in the context of their industry and peer group. In this episode, Brian Mulligan (Senior Product Manager, BitSight) and Celia Baker (Industry CISO & risk consultant) discuss BitSight’s new Peer Analytics solution and how it allows organizations to understand their performance at a more granular level, ultimately giving leaders the visibility required to develop achievable improvement plans, allocate resources appropriately, and consistently measure outcomes.
In this episode, Miguel Pinto (Senior Product Manager, BitSight) discusses BitSight Forecasting, our newest analytics offering. Listen now to learn more about how BitSight Forecasting gives users the ability to model different scenarios and paths of remediation to project future security performance, as well as the importance of this forward-looking view for businesses to answer difficult yet critical questions about where to spend security budgets and risk reduction efforts.
October is Cybersecurity Awareness Month, and that means that most organizations are thinking about how they handle security and risk within their company. In this episode, Andrew Calo (Manager of Technology Risk, BitSight) discusses how to create a culture of risk-aware employees where data is handled carefully, security awareness training initiatives are implemented, and a feeling of responsibility and accountability for cybersecurity among employees is present.
In this episode, Angela Gelnaw (Senior Product Marketing Manager, BitSight) discusses how security ratings enable organizations to quantify their cyber risk, measure the impact of risk mitigation efforts, benchmark their performance against industry peers, and report security progress and results to Boards of Directors more clearly and effectively.
In this episode, Jennifer Pesci-Anderson (VP & National Practice Lead, Verterim) discusses Verterim’s relationship with BitSight, the role that security ratings play to strengthen GRC programs, and how security ratings fit into risk management programs overall. CIO Applications has named Verterim to their "Top 25 GRC Technology Solution Providers" for 2018. CIO Applications identified the companies making great strides in tailoring enterprise-specific, cost-effective GRC solutions and assisting businesses in devising suitable GRC strategies that align with overall business objectives.
In this episode, David Grady (Senior Client Partner, Verizon) discusses the launch of Verizon’s newest venture into the world of cybersecurity and risk. Listen now as he breaks down the Verizon Risk Report (VRR), explains how BitSight Security Ratings play a central role in the new offering, and outlines the vision for the VRR moving forward.
In this episode, Brian Cohen (CFO, BitSight) and Dave Fachetti (CMO & EVP of Strategy, BitSight) discuss their involvement sitting on and reporting to various Boards of Directors, what executive teams are looking for when it comes to cybersecurity programs, and how to best communicate cyber risk to executives and the Board.
In this episode, Tom Zinzi (Federal Sales Manager, BitSight) breaks down the results and implications from a recent BitSight Insights report which analyzes the security posture of US government contractors and subcontractors. Given that 50% of data breaches happen through third parties, US government agencies must ensure that their cybersecurity practices are not at risk due to their contractors and subcontractors. Listen as Tom discusses the importance of vendor risk management and continuous monitoring in the federal space, and best practices to proactively mitigate federal risk using Security Ratings.
In this episode, Noah Simon, Product Marketing Manager at BitSight, discusses the common "blind spots" associated with vendor risk management (VRM) or third-party risk management (TPRM). Listen now to learn more about mitigating the risk from third-party vendors, several misconceptions surrounding VRM/TPRM, and how to proactively create a strategy to avoid common pitfalls.
In this episode, Joao Gouveia, CTO of Anubis Networks (a BitSight company), calls into the show to discuss Anubis’ sinkholing infrastructure. Listen now to learn more about sinkholes, what makes Anubis’ sinkholing infrastructure the largest in the world, and why this matters to the industry at large.
In this episode, we talk with Jake Olcott, BitSight’s VP of Communications & Government Affairs, about the cybersecurity regulation landscape today and the impact it can have on organizations building or operating their vendor risk management programs. Listen now to hear more about notable and emerging cybersecurity regulations, how to build a vendor risk management program around them, and what businesses can expect from regulators in the upcoming months.
In this episode, we talk with Kevin Amorin, BitSight’s Director of Engineering, about BitSight’s recent milestone of hand-mapping security information for over 100,000 human-validated organizations. Listen now to hear about the evolution of BitSight’s technical research and mapping teams, understand why BitSight has the most high-quality data ecosystem, and learn what sets our process apart from other security rating services.
Welcome to the inaugural installment of the BitSight Risk Review! In this episode, BitSight’s CTO and Co-Founder, Stephen Boyer, discusses how Security Ratings can help proactively mitigate risk in today’s business ecosystem. Listen now to hear how Security Ratings can help organizations and cyber insurers reduce risk. Using security ratings, companies can scale their vendor risk management programs, benchmark their performance against industry peers, report security progress and results to Boards of Directors more clearly and effectively, and measure the cybersecurity performance of potential acquisition targets or portfolio companies.