ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Prnewswire | April 21, 2023
Bitsight, a leader in managing and monitoring cyber risk, today unveiled its expansion into a broader category of integrated cyber risk management. As the category creator and global leader in the cybersecurity ratings industry, Bitsight's enhanced strategy will deliver new capabilities to empower security professionals and business leaders to more effectively and holistically manage cyber risk. The announcement includes large-scale distribution of risk data and insights through Moody's/BVD's Orbis, a new Third-Party Vulnerability Detection & Response solution, and more predictive cyber risk ratings that help mitigate cyber risk and make CISOs and risk professionals' jobs easier.
Bitsight's integrated solutions address the needs of CISOs and risk leaders, whose roles have become more challenging in recent years with digital transformation, supply chain risk, and expanded attack surfaces. "As the cyber threat landscape worsens and the global regulatory landscape demands more nimble and thorough risk management, Bitsight has evolved to stay ahead of our customers' needs. Business leaders, risk leaders and boards are turning to us as an integrated solution to manage risk and build trust across their ecosystem," said Bitsight CEO Steve Harvey.
Furthermore, comprehensive cyber risk management is also essential to good corporate governance, reaffirmed by the recently released White House national cyber strategy, pending SEC regulations on cybersecurity disclosure, and cybersecurity requirements emerging throughout Europe and Asia. Harvey noted, "Our strategic shift to become an integrated cyber risk management leader means we're able to provide customers and governments with the industry's most impactful data, services and tools to confidently navigate the uncertain cyber landscape."
Accelerated Partnership with Moody's Corporation
Newly added integrations with Moody's will deliver expanded insights for enterprises and assist with holistic cyber risk management. In October 2021, Moody's Corporation invested $250 million in Bitsight, and the two companies announced a landmark partnership agreement. Through this partnership, Bitsight became the primary cyber risk analytics provider across Moody's suite of integrated risk assessment offerings.
Bitsight data is now accessible by nearly 2,000 global credit analysts within Moody's Investors Service. These analysts are leveraging Bitsight to better understand the relative cyber risk of issuers, engage issuers on cybersecurity risk, and publish research on the intersection of cyber risk and credit risk. Additionally, Bitsight ratings data is now also integrated within Moody's Analytics' BVD Orbis platform, enabling non-technical risk managers to easily consider cyber risk factors in counterparty risk analysis.
"The rise of cyberattacks and ransomware has created an imperative for business leaders and boards to assess and quantify their cyber risk," said Moody's Analytics President Stephen Tulenko. "Bitsight is our trusted partner in helping leaders to better understand, measure, and navigate the cyber risk landscape with confidence."
Through these integrations, Bitsight and Moody's insights may be used together in powerful combinations for applications such as Know-Your-Customer, supply chain management, insurance underwriting, and credit risk assessment.
New Third-Party Vulnerability Detection & Response Application
To further its cyber risk management capabilities, Bitsight has enhanced its Third-Party Vulnerability Detection tool to include a Response workflow. Zero-day attacks and other vulnerabilities are increasingly common, and most companies are struggling to properly manage third-party exposure to critical vulnerabilities quickly, effectively, and at scale. With Vulnerability Detection & Response, cybersecurity teams can now access the most important vulnerability data and effectively prioritize vendor outreach with built-in questionnaires while tracking vendor response progress in real time. This release is another innovative application showcasing Bitsight's continued commitment to helping customers better monitor, manage, and mitigate vulnerabilities across their third-party ecosystems.
More Predictive Cyber Risk Ratings – Bitsight's Ratings Algorithm Update
Bitsight has launched a new ratings algorithm with several key enhancements, most notably modifying the weights of several risk vectors based on independent research and insight into how those risk vectors correlate to real-life cyber events. As a part of delivering an integrated cyber risk management solution, Bitsight remains committed to investing in and producing actionable cybersecurity ratings that have the strongest correlation in the industry to the likelihood of a cyber incident. "Cybersecurity ratings remain a critical tool in cybersecurity and risk leaders' arsenals, while the pressures and demands to address cyber risk have significantly expanded," said Harvey.
As attacks on organizations intensify and business leaders demand greater strategic support to address risk, Bitsight's mission to build trust in the digital economy has extended well beyond cyber risk ratings. "Risk leaders globally spend every day working against a relentless and growing problem of cyber risk uncertainty," said Harvey. "And as waves of digital transformation continue to disrupt cybersecurity stability, we are committed to supporting our current and future customers with a broad and unified cyber risk management solution that helps them navigate with greater confidence."
Bitsight is a global cyber risk management leader transforming how organizations manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. Built on over a decade of market-leading innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY
CyberArk | March 15, 2023
On March 14, 2023, CyberArk, the world leader in Identity Security, announced advancements to Workforce Password Management. The cloud-based business password management solution from CyberArk allows businesses to capture, store, and manage password-based apps and other secrets in a secure manner. The added features offer administrators increased flexibility and power to minimize risk and enhance security for web-based applications.
Unlike personal password managers, Workforce Password Management is developed for business environments and offers the privacy, availability and security organizations require, including support for current corporate directories and passwordless authentication controls. The new features include:
Application Access Controls Based on Usernames
Support for CAPTCHA-Enabled Web Apps
Enhanced Reporting for User-Added Applications
CyberArk Secure Web Sessions and Workforce Password Management can be used together to further fortify access to critical systems. With the newest release, Secure Web Sessions provides an additional layer of defense called Session Control. Session Control enables administrators to define notification and enforcement rules for specific text fields in business applications that are accessed with credentials stored in Workforce Password Management. For example, administrators can set up a rule to stop users from transferring more than a pre-set threshold within their corporate banking applications and notify the IT security team of the attempt.
Gil Rapaport, General Manager, Access Management at CyberArk, said, “Traditional password managers typically lack controls and functionalities that enterprises need to secure end-user credentials, which are constantly targeted by attackers.” He added, “Password management must be dynamic to evolve with attacker innovation. We are continuously investing in new features and functionalities for Workforce Password Management to deliver greater usability, security and control for all users within an organization – from developers and business users to IT administrators.”
(Source – Business Wire)
Founded in Newton, MA, CyberArk is the worldwide leader in identity security solutions. With its emphasis on privileged access management, the company provides the most comprehensive security solution for any identity, machine or human, across business apps, remote employees, hybrid cloud workloads, and the complete DevOps lifecycle. The world’s largest organizations entrust CyberArk to help secure their most vital assets.
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
PRWeb | May 23, 2023
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the launch of its new QR Code Phishing Security Test (QR Code PST) tool. The no-charge tool assists organizations in identifying users that are most susceptible to scanning malicious QR codes.
Many organizations are aware of the typical social engineering techniques used by bad actors such as phishing, spear phishing and impersonation, to manipulate employees and infiltrate systems. However, bad actors are now taking advantage of the rise in popularity of QR codes and are using them to launch targeted phishing attacks.
QR code phishing is a social engineering attack that includes a malicious link within a QR code that users are prompted to scan with their smartphones. According to QRTIGER, an online QR code generator company, dynamic QR code scans increased 433% globally from 2021 to 2022 and scans quadrupled in 2022 alone.
The malicious links in QR Codes take users to risky websites, execute malware or ransomware on their devices or steal information. In fact, last year the FBI released a warning that QR codes may be tampered with by cybercriminals to direct victims to malicious sites. This is also sometimes referred to as QRLjacking.
KnowBe4’s new QR Code PST helps manage the threat of malicious QR codes by identifying users who may scan these codes and expose an organization to vulnerabilities that have the potential to cause significant downtime and security breach risks. The new, complimentary tool is available for immediate use for up to 100 users in 35 languages with additional feature options. Additionally, after being used, the tool calculates an organization’s Phish-prone™ Percentage (PPP), the number of end users who are prone to being phished.
“QR codes pose a unique cybersecurity threat because unlike traditional phishing, there is no URL to verify or way to confirm its legitimacy before scanning the code,” said Stu Sjouwerman, CEO, KnowBe4. “As bad actors diversify their social engineering techniques, it is imperative that organizations educate their employees on the potential danger of QR codes. KnowBe4’s new QR Code Phishing Security Test is a great tool to use as a first step in determining how vulnerable an organization is to the threat of malicious QR codes. Training employees to be alert and to think twice before scanning contributes towards strengthening an organization’s security culture and encourages a healthy level of skepticism.”
To begin using the new, complimentary QR Phishing Security Test, visit: https://info.knowbe4.com/qr-code-phishing-security-test.
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 60,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.