
Latest Posts

New Research Identifies Oversight Practices Correlated With Effective Cybersecurity Outcomes

In the last few years, boards have rushed to incorporate Cyber Risk into the Board’s overall risk management duty, without really knowing how effective those efforts have been. For the first time ever, Diligent and Bitsight have partnered to see just how well the effort at the board level is translating into reducing Cyber Risk for their company.

Corporate Cybersecurity Engagement - A Practical Guide for Investors

Bitsight's leading analytics and workflows allow Nomura Asset Management to effectively reduce cyber risk across credit portfolios through targeted engagement. The increasing frequency and complexity of cyber attacks makes one thing clear - cyber risk is inextricably linked to business performance. This has prompted investors to prioritize cyber risk assessments within their portfolios.

5 Steps to Creating an Incident Response Plan

No matter how robust your cyber defenses are, there is a high likelihood that your organization will experience a cybersecurity incident—either directly or as a result of a supply chain attack. Implementing a cybersecurity incident response plan can help you effectively address a cyber event, reduce disruptions to your business operations, and ensure compliance with regulations.

Why is the Exposure Management Market So Confusing? Wading Through the Acronyms

If there's one certainty in life for CISOs, it is that when it is time to buy into a new or consolidating security technology niche, they're going to have to eat their fair share of alphabet soup. Tech analysts and marketers do love their acronyms after all. We've got our SIEMs, our SOCs, and our MFAs and MDRs to prove that one out.

Integrating your TPRM Stack for Seamless Vendor Lifecycle Management

Every cybersecurity team is being challenged to do more with less. CISOs experience top-down pressure to maximize the value of their resources, consolidate vendors as much as possible, and optimize their tool stack. And they are still expected to keep their organization safe across ever-growing digital supply chains. But traditional approaches to VRM often leave cybersecurity teams grappling with a tangled web of manual processes, disparate tools, and fragmented data.

Unveiling CPS 234 Challenges: Insights from APRA's Cyber Security Stocktake

Australia has seen several high-profile cyber incidents in 2023 and has seen significant loss of customer data (Canva’s 139 million customers, Latitude’s 7.9 million customers, HWL Ebsworth’s 65 government agencies, 2.5 million documents). According to the OAIC Notifiable Data Breaches Report: January to June 2023, the top 3 sectors in that period to report data breaches are Health Service Providers (65 notifications), Finance incl.

Tackling Shadow IT Head-On: Strategies for Cybersecurity Leaders

As cybersecurity leaders, we're all too familiar with the challenges posed by Shadow IT—a persistent thorn in the side of IT and security teams worldwide. And when high-profile supply chain attacks make headlines, the urgency to understand our reliance on third parties becomes all too real.

Hunting PrivateLoader: The malware behind InstallsKey PPI service

Since July 2022, Bitsight has been tracking PrivateLoader, the widespread malware downloader behind the Russian Pay-Per-Install (PPI) service called InstallsKey. At the time, this malware was powering the now decommissioned ruzki PPI service. Figure 1 presents a brief description of the service, which was found in their sales Telegram channel. Fig. 1 - Service description on Telegram channel profile (Russian and English).

Less Is More: Consolidating Your Third Party Risk Management Tools

Proudly serving over 3,000 enterprises globally, Bitsight works closely with risk leaders across industries to help them protect their businesses. CISOs and third-party risk professionals face pressing challenges, from regulations to efficiency to maintaining supply chain resilience—all calling for smarter, easier, and more integrated solutions.