Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Will BlueKeep Become WannaCry 2.0?
A little over a month ago, Microsoft discovered a software security vulnerability that could ultimately lead to one of the worst cybersecurity attacks since 2017’s infamous WannaCry ransomware incident.
Cyber Attacks Can Wreak Havoc on the Business in Multiple Ways
The past few years have shown us that the cybersecurity landscape has only gotten more complex, as one massive attack after another (the WannaCry and NotPetya ransomware, the one at Uber Technologies in 2016, those from the Shadow Brokers group, and many more) jolted enterprises around the world.
The Perfect Cyber Storm is Brewing. Are You Prepared?
Data breaches are never far from the news. Some recent headlines have even suggested that they’ve become the “new normal.” And while we haven’t seen a wide-scale attack since WannaCry was unleashed two years ago, a recent turn of events suggests that the perfect cyber storm may be brewing.
Docker Hub: Exposing the Hidden Cost of Data Breaches
Big risks can come from small, sometimes unexpected places. When compared to all the other vendors you need to manage, you might not think of an image container for apps as a high priority — but the recent breach of Docker Hub shows otherwise.
What the Marriott Breach Can Teach Us About Cybersecurity in the Tourism & Hospitality Industry
Last fall, news broke of the Marriott breach that compromised the records of up to 500 million customers. The data breach occurred through the third-party IT company that managed the Starwood reservation database.
BitSight Contributes to Verizon's 2019 Data Breach Investigations Report
Last week, Verizon published its annual Data Breach Investigations Report (DBIR), which details the major trends in data breaches observed over the previous year. This report has become a widely respected industry standard that companies across all industries hold in high regard and frequently reference.
A Risk-based Approach to Cybersecurity Can Save Time & Money
If you’ve glanced at the opinion columns of security industry publications, you’ve probably seen the term “risk-based” floating around, as in “the time is now for a comprehensive, risk-based approach” or “a risk-based approach to security is key to business alignment.”
Cyber Basics: Understand Vulnerabilities, Threats & Exploits
In 2019, cyber incidents will be the second most important global business risk. The more cyber incidents occur on a global scale, the more critical it is for users to understand how to classify the dangers that exist for both businesses and users. In this blog post, we’ll break down the basics and explore the difference between three key areas of cyber risk: vulnerabilities, threats, and exploits.
What You Can Do Today to Prevent A Data Breach
When it comes to data breach prevention, there are plenty of guides for reducing risk in the long term. While it’s definitely valuable to be working on a data breach prevention strategy with 6-month, 1-year, or 5-year goals, not every cybersecurity initiative takes so much time.
Cybersecurity in Europe is Improving: Thank You GDPR?
After years of debate over whether to impose new cybersecurity regulations on companies, the General Data Protection Regulation (GDPR) went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules, and cookie disclosure notices are popping up on more websites than ever.
Forecasting: The Missing Link in Your Annual Security Performance Planning Process
When it comes to security performance management within your organization, how do your security teams measure performance? If they’re using security ratings, they know that this objective, quantitative measurement is an effective place to start when evaluating performance in certain areas.
5 Crucial Strategies for Improving Retail Network Security
The retail sector has proven that when top minds put their heads together, they can make real headway against pernicious cyber threats. Case in point: the industry-wide adoption of EMV chip cards has played a role in reducing point-of-sale malware attacks by 93% since 2014.
Forrester Recognizes BitSight as a Leader in Cybersecurity Risk Rating Solutions
This past Tuesday, Bitsight was named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 evaluation. This report evaluates the current offering and strategy of vendors in a particular technology market, such as security ratings. This is significant, as this is the first analyst report that has a core focus on evaluating security ratings services solutions side-by-side.
Improve IT Vendor Monitoring with Data-Driven Conversations
Businesses are becoming increasingly reliant on outsourced IT services to support day-to-day operations.
The State of Cyber Risk in Spain
In Spain, cybersecurity is becoming more of a priority among businesses across all industries. One way to quantify these cybersecurity postures is by looking at Spain’s security ratings across all markets. In Spain, Bitsight Security Ratings are on average 119 points below Europe as a whole. The highest performing industry is Real Estate, whose security rating is 71 points better than the European average. The lowest performing industries are Financial Services and Insurance, which are more than 200 security rating points lower than the average European rating. Given the sensitive data financial services companies possess, this report suggests there is a need for additional investment in cybersecurity and cyber risk management. As companies invest in digital transformation programs, their exposure to risk increases, which requires greater investment in risk management across their organization.