Name: Building metrics in your cybersecurity program and scaling cyber resilience
Start: 2022-10-27T11:00:00Z
End: 2022-10-27T11:00:36.000Z
Location: BrightTALK
Rating: 5

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.

Bitsight’s universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight’s integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis. 

Bitsight is on a mission to free the global economy from the material impact of cyber incidents. For more information, visit bitsight.com.

Join experts from Bitsight, Google, and Salesforce for a discussion on the current state of cybersecurity performance and how it impacts third-party risk management and cyber risk in general. 
This conversation comes shortly after Bitsight and Google collaborated to study global organizational performance across the Minimum Viable Secure Product (MVSP) framework, a minimalistic security checklist for B2B software and business process outsourcing suppliers. 
The findings?
• There are critical areas where organizations are falling short across MVSP security controls.
• An industry we expected to be a leader in improvements is actually lagging behind the macro improvements we observed. 
• There’s good news! Every industry in 2023 has a high Pass rate for 10 of the 16 MVSP controls we studied.  

Join us for a discussion between Stephen Boyer, Founder at Bitsight, Chris John Riley, Staff Security Engineer at Google, and Marat Vyshegorodtsev, Lead Security Engineer, Enterprise Security at Salesforce, moderated by Jeff Barnett, Senior Director, Strategic Alliances at Bitsight, as they cover the research, the importance of security frameworks, and discuss how you can empower your organization’s cybersecurity strategy to combat the latest risks.

Cyber Risk in 2024: Combatting Third-Party Risk

In an era of increasingly sophisticated cyber threats, the synergy between regulatory compliance and cutting-edge technology is essential for minimizing risks and ensuring the security and resilience of our digital landscapes.

The NIS2 Directive emerges as a compliance requirement and a pivotal transformation in protecting the digital economy. This webinar invites you to explore the expansive influence of the NIS2 Directive, which extends its safeguarding canopy beyond the confines of individual organizations to encompass the entirety of their supply chains. 

Join us to get actionable insights, strategies, and a fresh viewpoint on leveraging compliance as a foundation for building organizational resilience and achieving success.

The session will cover:
- Leveraging NIS2 and impending regulations for business growth.
- Strategic approaches to secure investment and assemble an effective team.
- Key action steps for navigating the compliance journey successfully.

Using NIS2 and other Regulations to create a Competitive Advantage

Face à l'évolution des cybermenaces, l'intégration de la conformité réglementaire et de la technologie devient cruciale pour atténuer les risques et garantir la sécurité et la résilience.

 

La directive NIS2 n'est pas simplement une case à cocher - elle représente un changement radical dans la manière dont nous protégeons notre économie numérique. Rejoignez-nous pour découvrir sa portée, bien au-delà des frontières de votre organisation, en déployant un bouclier de protection à l'ensemble de votre chaîne d'approvisionnement. Obtenez des informations, des stratégies et une nouvelle perspective sur la façon dont la conformité peut être un tremplin vers la résilience et le succès de l'organisation.
Rejoignez-nous pour en savoir plus:
✅ L'impact de NIS2 sur votre organisation;

✅ Principaux défis et avantages du processus;

✅ S'attaquer plus efficacement à la gestion des risques de la chaîne d'approvisionnement avec le NIS2.

Comprendre et se préparer à la directive NIS2: éléments d'information essentiels

More than 80%  of employees are using software applications that haven’t been approved by IT. 

What else is hiding in your environment?

Businesses today are using an unprecedented number of tools and apps in their day-to-day operations—and the ones you don’t know about could put a significant strain on your cybersecurity efforts. 

Join us on for a live discussion about Shadow IT and other hidden risks that could be lurking within your organization. 

In this session, you’ll learn about:

● Types of hidden risks that can compromise your business
● Ways to discover and monitor unknown vendors that have access to your network 
● Key components of a strong Shadow IT risk management policy
● Practical advice to help leaders take action and respond to these challenges

Hiding in Plain Sight: Combatting Shadow IT

Lack of resources and expertise is holding many Third-Party Risk Management (TPRM) programs back. As more vendors enter your network, you need to scale and manage your growing third-party ecosystem while meeting regulatory requirements—and proving business value.

Join us as we explore how complementing your existing technology stack with managed services can supercharge the efficiency and efficacy of your TPRM initiatives. We will provide insights into process automation and analytics to not only reduce operational burdens, but also expand the depth and breadth of your risk mitigation efforts.

You will learn about:
- Strategic partnerships for managed services that can accelerate risk assessments, continuous monitoring, and reporting.
- How to keep up with regulatory changes with technology-driven solutions and expert advice on compliance.
- Practical insights from real-world case studies and best practices, illustrating successful implementations of technology and managed services in TPRM.

Harnessing Technology and Managed Services for TPRM Success

Join us for an exclusive discussion designed to empower your organization with insights into cybersecurity and risk trends. Bitsight executives will share their expectations for 2024, helping you stay ahead in the evolving landscape.

By attending this webinar, you will uncover:
• Expert predictions on GenAI, supply chain risk, and new attack vectors
• The expanding role of the CISO within the enterprise
• The impact of new cybersecurity regulations in the US and Europe
• New strategies to assure stakeholders
• … And much more!

Prepare your organization for the cybersecurity landscape of tomorrow. Reserve your spot now and be ready to face the future with confidence!

2024 Cybersecurity Predictions

No company is an island anymore, and enterprises typically have hundreds and even thousands of vendors. To complicate the matrix of interconnectivity, most companies are themselves within the supply chain, or at a minimum, clients for businesses, including cyber insurers. Organizations struggle to understand the risks within their supply chain because of a lack of transparency beyond their own organization, and often don’t have a good sense of their own security posture or the effectiveness of their controls.
In this session, join Chris Poulin, Director of Technology and Strategy and Deputy CTO at Bitsight, to learn how to:
• Assess the security program and controls of your vendors using observable data;
• Manage your cybersecurity reputation as a competitive advantage;
• Right-size your insurance limits and premiums.

Glass Doors Make Everyone More Secure

Les attaques via la supply chain étant devenues de plus en plus fréquentes au cours des dernières années, les organisations doivent mettre leurs tiers sous les feux de la rampe afin de prévenir les attaques et d'améliorer leur propre position en matière de cybersécurité. L'augmentation des piratages de tiers montre à quel point il est important d'avoir une visibilité sur l'ensemble de la chaîne d'approvisionnement - y compris les fournisseurs des fournisseurs - et d'en atténuer les risques.

Rejoignez-nous pour une présentation des bonnes pratiques de gestion du risque tiers dans la cyber, y compris :
- Un retour sur quelques scénarios types récents et les leçons que l'on peut en tirer
- La mise en place de workflow automatisé d'évaluation et de questionnaires pour gérer efficacement ce risque à grande échelle.
- Pour aller plus loin : des outils pour aider la réponse à incident sur la supply chain

Bonnes pratiques pour préparer et sécuriser votre supply chain

In today’s economic environment, nearly every department in every organization across the globe is being challenged to do more with less. Meanwhile, digital footprints continue to grow and sprawl and cyber attackers look to take advantage of vulnerable infrastructure. Organizations need to assess how they can be more resourceful as they look to maintain a best-in-class cyber risk program and continue to meet business expectations. 

The first step to managing your cyber risk program is to have full visibility of your organization’s extended attack surface and the risk that comes with it. And, you need the ability to communicate your strategy and program performance to stakeholders like the Board – this is more important than ever with the adoption of new SEC Regulations.

Join Gregory Keshian and Vanessa Jankowski as they dive into:
● How to maximize the value of your organization’s current tools while fending off cyber threats
● How continuously monitoring your extended attack surface can help identify priorities to reduce exposure and secure your infrastructure
● The importance of communicating effectively with the Board and how to speak their language
● Driving accountability both internally and externally, and how recent changes to SEC regulations may have an impact

Optimizing Returns from Your Cyber Risk Program

Upcoming regulations like DORA, PS21/3, and NIS2 are not mere compliance checkboxes—they represent a seismic shift in how we safeguard our digital economy. Join us as we uncover how these directives reach far beyond your organisation's boundaries, extending the protective umbrella over your entire supply chain. You will gain insights, strategies, and a renewed perspective on how compliance can be a stepping stone towards organisational resilience and success.

Join us to learn more about:
- What changes in these regulations;
- What processes does it impact;
- Why should you care;
- How can that benefit you; 
- How can you leverage the regulations to make cyber risk a business conversation?

Is your organisation ready for the new cyber regulations in the EU and the UK?

Changes in the cyber risk landscape have led to an increase in vulnerabilities affecting the digital supply chain and an elevated level of scrutiny from business leaders, regulators, and other influencers.

Zero-days reflect a specific type of vulnerabilities within this broader trend, and one that often comes with high demands on cyber security and third-party risk management teams. The reason is clear – for these vulnerabilities, organizations have had “zero days” to work on a patch or a fix, which leaves them open to exploitation by motivated bad actors.

At Bitsight, our goal is always to provide timely, actionable evidence for customers dealing with zero-day vulnerabilities.

Join us to learn more about: 
- How to detect, manage and mitigate vulnerabilities with speed;
- Exposure management across your portfolio;
- How to scale and improve your response to vulnerabilities across your supply chain.

Improving Vulnerability Detection and Response Across your Supply Chain

Cybersecurity leaders face various challenges in protecting their organization's digital assets from cyber threats. With the rise in cloud infrastructure, internet-connected devices, and third-party vendors, the attack surface has expanded, and the number of vulnerabilities and risks has increased dramatically. This has led to enormous pressure from stakeholders, including executives, board members, customers, business partners, regulators, insurers, and investors, to ensure the organization's protection.

Despite the risks, recent BitSight research revealed that the average vulnerability remediation rate is only 5 percent per month, which is concerning given the criticality of vulnerability management in reducing the likelihood of a cyber incident.

During this session, we'll explore these key issues: 

● The current cybersecurity landscape 
● How cybersecurity leaders can improve awareness of their organization's digital assets and risks 
● How to strengthen vulnerability and exposure management programs 
● Creating trust among critical internal and external stakeholders. 

Join BitSight’s Vice President of Government Affairs, Jacob Olcott, as he shares innovative and comprehensive solutions that can help cybersecurity leaders identify their attack surface, enhance their vulnerability management programs, and communicate their success to stakeholders effectively.
Don't miss this opportunity to gain valuable insights and strategies to reduce organizational risk and foster a culture of trust in an insecure world.

Creating Trust in an Insecure World: Strategies for CISOs

BitSight’s research team works tirelessly to discover vulnerabilities that pose threats to organizations. Most recently, Pedro Umbelino, Principal Security Researcher at BitSight, uncovered thousands of organizations using internet-facing and exposed webcams. His findings? One in 12 BitSight-tracked organizations with internet-facing webcams and/or similar devices are susceptible to video and/or audio compromise. 

An exclusive Tech Talk where Pedro will discuss: 
● Our webcam vulnerability research - his approach and findings 
● Its potential risks and consequences, and 
● How organizations can better protect themselves.

Tech Talk: Decoding the Latest Research with Bitsight

A new set of Regulations is being implemented around Europe and UK, bringing a consistent, harmonised regulatory approach that is affecting specifically (but not only) the Financial industry and the Information and Communications Technology (ICT) entities deemed critical due to their pivotal role in today’s digital economy.

The goal is to reinforce the EU and UK digital economy with operational resilience. However, many companies need help finding themselves lost in translation as they see this new mandatory compliance wave coming their way.

Join us to learn more about:
- How the new regulations build on top of previous ones (that you may already be compliant with);
- What changes with the new regulations;
- What processes are impacted; 
- When will you need to be ready?

A recap on DORA,  PS21/3 Regulations on Cyber Resilience and what to expect next

Did you know that 69% of organizations have experienced some type of cyber attack in which the attack itself started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset?

Understanding the scope of your organization’s external attack surface is essential. You need to continuously manage your digital footprint to know where risks exist and how to prioritize vulnerable areas. Gain visibility into what an attacker sees and take informed action to reduce exposure and empower your organization’s growth and success.

In this webinar, you will learn how to:
● Identify and assess your evolving attack surface 
● Prioritize and remediate vulnerable areas of infrastructure
● Monitor your digital footprint and protect for the future

Identifying Blind Spots Through External Attack Surface Management

The constant threat of cyber attacks can create a challenging situation for organizations looking to effectively prioritize their defenses with limited resources.
Watch this webinar diving into a recent study highlighting the 14 BitSight analytics that are significantly correlated with cybersecurity incidents.
You will learn:
● What the 14 BitSight analytics are, which significantly correlated with cybersecurity incidents;
● Recommendations to improve programmatic areas in your cybersecurity strategy;
● Performance areas to prioritize to achieve better cyber insurance coverage and terms.

How to Unlock the Power of Data for Improved Cybersecurity Decision-Making

As organisations understand the importance of investing in cyber resilience, security leaders face the challenge of better understanding their current security posture in order to build a program matching the corresponding risk tolerance.

While determining priorities and executing the mission each and every day are considerable drivers to reducing risk exposure, they still need to find a way to communicate progress to all stakeholders to drive the much-needed accountability, effectiveness, and confidence in the cybersecurity program.

This can be achieved with a metrics-driven approach at scale. By adopting constant vigilance and continuously monitoring their cybersecurity performance, they can ensure organisational targets are being accomplished. 

Join this BitSight Expert Session if you are looking for thoughts or struggling in areas such as: 
- What meaningful metrics are being used, and how effective are they?;
- How those metrics drive decisions in security programs, close gaps, and drive effectiveness and resilience;
- Leveraging context to communicate with stakeholders outside the security teams.

Building metrics in your cybersecurity program and scaling cyber resilience

Cyber Security

Cyber Resilience

Risk Management

Governance

Continuous Monitoring

Advanced Analytics

Security Posture

Security Performance Management

Security Ratings

Metrics Driven Standards

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Building metrics in your cybersecurity program and scaling cyber resilience

Presented by

About this talk

More from this channel