Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
As a recent Forrester report highlighted, there are many cybersecurity ratings available. Security ratings have a valuable place in your overall cyber risk mitigation strategy, for many reasons.
You can tell a lot about someone by the company they keep, and the same goes for your security ratings partner. All security ratings are not created equal.
Bitsight was recently named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q1 2021. As the creator and largest vendor by market presence in the category, we were honored to be recognized and to be the only vendor recognized for having differentiated product roadmap and go-to-market strategy.
Vendor risk management is top of everyone’s mind in light of the recent SolarWinds supply chain attack and concerns around weak points in the COVID-19 vaccination supply chains. Both exemplify the need for organizations of all types to take steps to fortify their vendor risk management processes.
For obvious reasons, the financial services industry has had the unfortunate distinction of being one of the largest high value targets for threat actors. Research shows that financial services businesses experience 300 more cyber attacks than organizations in other industries. Many of those attacks come through third-party suppliers whose networks may not be as secure as the organizations they work with.
Not to be forgotten during the chaos that was 2020 were the massive cybersecurity breaches that directly impacted some of the country’s largest businesses and their customers. Let’s take a closer look at four of the big data breaches of 2020 — and what we can learn from these incidents to avoid a repeat of similar events in 2021.
When it comes to reporting to the board, there are plenty of tools at the CISO’s disposal. Looking at the right metrics and putting them in the right context can help turn your next board meeting into a source of confidence, not stress. Here are some helpful tips to create successful frameworks for your board reports.
Remote work has always introduced unique and evolving cyber risks. In our “new normal” operating environment, where entire workforces have gone remote, IT security teams are facing an unprecedented challenge.
2020 was a transformative year that blew all predictions out of the water. As we look ahead to 2021, we will continue to see the repercussions of this year’s events.
Not long ago, corporate executives would give only passing thoughts to their organization’s cybersecurity postures. Leadership and board members would take notice in the wake of a major data breach, for example, or a couple of times a year as a “check the box” exercise to maintain compliance with regulations. Overall, however, cybersecurity analytics didn’t really garner much attention.
A week ago (which seems like a world ago given everything that’s happened with SolarWinds) Phil Venables -- formerly CISO of Goldman Sachs and now CISO of Google Cloud -- posted an interesting expose on security ratings this week. Phil has a better perspective than most on the value and challenges of ratings not only because of the positions that he’s held but also because he is one of the authors of the Principles of Fair and Accurate Security Ratings. These principles also guide how Bitsight thinks about our rating overall.
Boards are increasingly looking at cybersecurity as a crucial part of the business. The problem is, the board doesn’t always know what to look for or how cybersecurity impacts the business. What the board really wants to hear in the next report is how you’re generating results for the organization and how those results are creating ROI on the spend. Here are a few cybersecurity questions and a few metrics that the board really wants to hear about in the next report.
New vulnerabilities emerge daily... but not every vulnerability is being actively exploited by nation state actors. Zerologon (CVE-2020-1472) is one such vulnerability. Zerologon was recently identified by the National Security Agency (NSA) as one of 25 vulnerabilities actively being exploited by Chinese state-sponsored actors.
In a highly unusual move, the National Security Agency released research on October 20, 2020, highlighting 25 common vulnerabilities that are being actively exploited by Chinese state-sponsored actors. The NSA issued the alert in order to help companies prioritize vulnerability management. Most of the NSA vulnerabilities can be exploited to gain initial access to networks that are directly accessible from the Internet.
One of the biggest questions in cybersecurity now has an answer… and the implications are significant for investors, policymakers, corporate executives, and cybersecurity professionals alike.