Welcome!

Cognitive Computing Authors: Carmen Gonzalez, Ed Featherston, Sematext Blog, Pat Romanski, Elizabeth White

News Feed Item

Industry Analysis Reveals Healthcare and Pharmaceutical Industry Lags in Security Effectiveness

BitSight Insights Report Rates Cyber Security Performance of Finance, Utilities, Retail and Healthcare and Pharmaceutical Industries

CAMBRIDGE, MA -- (Marketwired) -- 05/28/14 -- BitSight Technologies, the standard in Security Ratings, today released a new BitSight Insights report, which analyzed Security Ratings for S&P 500 companies in four industries -- finance, utilities, retail and healthcare and pharmaceuticals. The objective was to uncover quantifiable differences in security performance across industries from April 2013 through March 2014. The study revealed that the healthcare and pharmaceuticals sector has many of the same characteristics as the retail sector, including a high volume of security incidents and slow response times, and that both of these sectors lag behind the finance and utilities sectors in security performance.

BitSight Technologies uses publically available data to rate companies' security performance on a daily basis. Observed security events and configurations, such as communication with a botnet, malware distribution, and email server configuration, are assessed for severity, frequency and duration and used to generate objective Security Ratings. BitSight Security Ratings range from 250 to 900, with higher ratings equating to higher security performance. Industry ratings are calculated using a simple average of the Security Ratings of companies in that sector.

Key Findings
Retail's poor performance continues

  • Within the past year the security performance of the retail industry declined, ending the time period at an average of 685.
  • The number of security events observed by BitSight increased nearly 200 percent from April 2013 to March 2014.
  • Zeus and Zero Access accounted for one third of all malware in the retail industry.

Healthcare and pharmaceuticals demonstrate signs of serious illness

  • The average rating in this industry was 660. Like the retail sector, the spread in performance across the industry is large, implying that there are many companies that are seriously underperforming.
  • This sector saw the largest percentage increase in the number of security incidents observed by BitSight over the time period.
  • The average event duration, (the number of days between the first time BitSight observes an event to the last time) is longer than any other industry, at 5.3 days.

Finance tops the list

  • The average rating in the finance industry was 765, the highest of all of the industries analyzed, despite an increase in the number of observed incidents.
  • Zeus malware made up 33 percent of the identified malware that hit the finance industry.
  • The finance industry had the shortest average event duration suggesting that this sector is quicker to detect and respond to cyber threats than others.

Utilities also shine bright

  • The average rating was 751 for the utilities industry and like finance, the range of ratings within the utilities sector is relatively narrow, meaning the majority of companies are high performers.
  • Redyms, a family of trojans designed to redirect search engine results, hit this sector particularly hard, accounting for 26 percent of all observed malware.
  • Similar to finance, the generally positive security performance in this industry is likely the result of both executive-level focus on cyber risk as well as industry regulation.

Supporting Quotes
"Based on our analysis, it is clear that organizations that treat cyber security as a strategic issue perform better than those that view it as a tactical one. This partially explains the superior Security Ratings of financial institutions and electric utilities in the S&P 500 compared to retailers and healthcare companies."
-- Stephen Boyer, BitSight co-founder and CTO

"These strong Security Ratings of the electric utilities in the S&P 500 are no surprise, in my experience, large IOUs (Investor Owned Utilities) have fairly sophisticated IT security practices. Like large financial institutions, they have significant security budgets and cyber risk has executive level visibility. Although NERC CIP only applies to portions of these IOUs, it has lead to a significant shift in attitudes towards cyber security in large utilities."
-- Dave Dalva, VP of Security Science at Stroz Friedberg

"Many retailers do indeed have strong security practices, and the recent announcement from the Retail Industry Leaders Association (RILA) about the creation of a Retail Cyber Intelligence Sharing Center is certainly a step in the right direction. However, cyber security still needs greater resources and executive level attention across the industry."
-- Chris Poulin, IANS Faculty Member

"In our recent assessment of medical devices used in clinics and hospital around the country, weak encryption, lack of key management, poor authentication and authorization protocols, and insecure communications were all common findings. These gaps in security can lead to a compromise in data confidentiality and integrity. When sensitive data is compromised, it can not only create risks for patients, but also expose health care providers and device manufacturers to regulatory and business risks."
-- Chandu Ketkar, Technical Manager at Cigital

To download a full copy of the BitSight Insights report, visit http://bitsig.ht/TxGRXy. To download a ZIP file containing high resolution versions of the charts and graphs included in the report, click here http://www.bitsighttech.com/sites/default/files/BitSight%20Insights%20Vol%204%20Graphics%20Kit.zip.

About BitSight Technologies
BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company's Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations make timely risk management decisions. Based in Cambridge, MA, BitSight is backed by Commonwealth Capital Ventures, Flybridge Capital Partners, Globespan Capital Partners, and Menlo Ventures. For more information, please visit www.bitsighttech.com or follow @BitSight on Twitter.

Image Available: http://www2.marketwire.com/mw/frame_mw?attachid=2602745

Contact:
Kristina Lanpheir
Kulesa Faul for BitSight Technologies
Email Contact
831-251-9120

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in compute, storage and networking technologies, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/...
NHK, Japan Broadcasting, will feature the upcoming @ThingsExpo Silicon Valley in a special 'Internet of Things' and smart technology documentary that will be filmed on the expo floor between November 3 to 5, 2015, in Santa Clara. NHK is the sole public TV network in Japan equivalent to the BBC in the UK and the largest in Asia with many award-winning science and technology programs. Japanese TV is producing a documentary about IoT and Smart technology and will be covering @ThingsExpo Silicon Val...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
@ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search an...