Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?
The retail industry has always been a favorite target of cyber criminals. We all remember major data breaches like those that affected Target, TJX, and Home Depot — but the truth is that retail security threats have been a daily concern of retailers for a long time.
Delivering medical services involves hundreds of third-party vendors. We explore the criticality of healthcare vendor risk management and how organizations can overcome common challenges.
Failing to update your software doesn’t just mean you’re missing out on the latest version—it means you could expose your organization to major security vulnerabilities, like the widespread Apache Log4j2 vulnerability.
When it comes to improving cybersecurity at your organization, there are some fixes that you can undertake with very little preparation. More robust remediation efforts, however, usually start with a cybersecurity risk assessment.
Does your organization have a cybersecurity risk remediation plan? Follow these 5 tips for crafting one.
Wondering how to leverage your remaining funds? As you decide how to use your end of year budget, ask yourself these questions.
As a security professional navigating the new challenges 2020 is bringing to cybersecurity, it’s critical to understand the ways your organization’s data could be exposed. Sensitive data is critical, safeguarded information. Different information can be considered sensitive depending on the industry, but in general it can be anything your organization, your employees, your customers, or your third parties would expect to be private and protected.Below, we’ve outlined five examples of sensitive data your organization likely handles—and a few key ways to protect it from evolving cyber threats.
According to the 2022 Verizon Data Breach Investigations Report, 62% of system intrusions came through an organization’s partner. Read our blog to learn how to assess your vendors to effectively reduce breach risk.
What is information risk management? Learn more about how the classic equation of threat x vulnerability x consequence helps inform your cybersecurity risk management strategy.
What is a cybersecurity risk taxonomy and how can you use it to guide your organization’s security program and investments?
You can’t reduce the cyber risks faced by your organization if you don’t know what you’re up against. That’s the purpose of a vulnerability probe.
The term “digital resilience” has gained momentum over the past few years as cybersecurity threats have grown, but what does it really mean? And how can a company become digitally resilient?
The majority of us have been through phishing training for our jobs, where the simplified best-practices for all employees are laid out. These usually include reporting to IT when you receive emails from suspicious accounts, those that contain links without a description or subject lines that don’t make sense, or content you’re not familiar with or normally asked for, among other questionable communication.
The majority of us have been through phishing training for our jobs, where the simplified best-practices for all employees are laid out. These usually include reporting to IT when you receive emails from suspicious accounts, those that contain links without a description or subject lines that don’t make sense, or content you’re not familiar with or normally asked for, among other questionable communication.