Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Best Practices for Cybersecurity Awareness Month with Stephen Boyer
October was Cybersecurity Awareness Month, which gave companies the opportunity to thoroughly examine their security and risk programs and identify where they can strengthen security practices. At Bitsight, we talk about risk management every day. We sat down with our Co-Founder & CTO, Stephen Boyer, to talk about the significance of having a risk-aware organization and proactive ways security ratings can help with risk management.
Streamline Your Bank's Third-Party Vendor Management Risk Assessments
Banks and other financial institutions are a proving ground for new risk management methods. High risk and intense regulations feed into a culture of serious, comprehensive security — a culture that has manifested in mature methodologies such as the three lines of defense.
Should Cybersecurity Have a Voice in Vendor Procurement?
Business leaders now realize that their data is being exposed to risk by their vendors, and that monitoring and remediating these threats is a necessary part of an effective cybersecurity program.
4 Cybersecurity Factors Every Board Member Must Consider for 2019 Planning
Cybersecurity is a growing topic of discussion in Board meetings everywhere — given this fact, Board members need to be prepared to speak knowledgeably about their organization’s cybersecurity posture and programs. As businesses near the last quarter of the year and begin their planning processes, Boards must also be thinking about how to best prepare for 2019. Here are some factors that Boards must take into consideration:
Quantifying Cybersecurity Risk: A Beginners Guide
In a 2017 survey of almost 1,300 CEOs conducted by PwC, 63% of respondents said they were “extremely concerned” about cyber threats — up from just 8% in 2013.
Cybersecurity Metrics Your CIO Expects You to Know
In today’s landscape, managing your internal security processes as well as creating a third-party vendor risk management program should be top of mind, but prioritizing a solid understanding of the metrics surrounding your cybersecurity programs is almost just as important. These metrics should dive deeper than “yes” or “no” questionnaire answers and should help you gain a more comprehensive understanding of where you and your third parties fall when it comes to proactively mitigating cyber risk.
BitSight Offers Valuable Insight Into Breach Trends
Over the last several months, members of our product team have been working to aggregate all of Bitsight’s security ratings data and highlight important insights about patterns in data breaches. In fact, Bitsight boasts one of the largest data breach data sets. Of course, this only highlights what data Bitsight has visibility into; with the largest sinkholing infrastructure in the world and the security posture of over 130,000 organizations, we have the most comprehensive view into global breach trends.
What Now? How to Execute the Cybersecurity Plan You Have in Place
CISOs and other security leaders are tasked with protecting their organizations from cyber attacks. That means developing and implementing the policies, controls, and procedures that reduce risk and ensure the safety of sensitive data. It also means keeping the cybersecurity program alive and well-funded. In other words, security leaders are fighting on two fronts. When executing a cybersecurity plan, they must employ two distinct yet equally important skill sets: the technical skills to mitigate risk, and the strategic skills to make the case for cybersecurity to their colleagues. Striking a balance between these two categories is tricky. We’ve got some tips for CISOs and other security leaders looking to execute their cybersecurity plans effectively and achieve sustainable results.
Which Cybersecurity Tasks Should I Prioritize First? Tips from the Experts
Cybersecurity is a multifaceted topic with many constantly evolving variables. For CISOs and other security leaders, just knowing where to begin can be a challenge. Let’s say you’ve just taken over an organization’s cybersecurity program, or have been tasked with building one from scratch. You have a limited budget and limited personnel, so you can’t accomplish everything at once. Which tasks deserve your focus in the critical first few months? We’ve rounded up some cybersecurity tips from industry experts to help guide your initial strategy.
3 Cybersecurity Risk Factors Financial Institutions Often Overlook
With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on. The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered. With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly. Here are a few historically overlooked risk factors that deserve some additional attention:
How to Build a Realistic Cybersecurity Plan for Third Party Vendors
Since third party vendors are not under direct supervision, they are typically the weakest link of an enterprise’s IT security landscape. The largest organizations have tens of thousands of vendors, which makes managing this type of risk particularly challenging. For many organizations, it’s simply impossible to communicate with every vendor on a frequent basis about their security posture. At the same time, outsourcing to vendors is critical for business success, and delaying engagement with vendors while their security is reviewed could adversely affect an enterprise’s operations. Faced with such challenges, how do you go about developing a cybersecurity plan that effectively and efficiently manages third party vendor risk?
The Top 10 Cybersecurity Articles Of 2017: A Recap
2018 is right around the corner, and while we’re looking forward to what’s coming, we’re also thinking back on the best of this year. Here’s a look at 10 of our most frequently viewed cybersecurity articles in 2017.
Extra Budget 101: Invest in Your Cybersecurity and Risk Program
As security and risk professionals work to finish out the year, they must also be thoughtful about planning for 2018. While it’s great to end the last quarter of the business year on a strong note, it’s even more critical for businesses to set themselves up for success when returning to work in January. One of the best ways to accomplish this is to be strategic about the extra budget they possess in Q4 and to ask themselves this question: how can my organization be mindful about spending extra funds to benefit our security program later on?
5 Tips to Stay Safe During Cybersecurity Awareness Month
October is Cybersecurity Awareness Month, which offers organizations the opportunity to thoroughly examine their security and risk programs and identify where any vulnerabilities might exist. Here at Bitsight, we talk about risk management every day. However, we have to practice what we preach — our IT Team offered some insight into areas where organizations can improve their network health not just this month, but regularly.
4 Cybersecurity Risks Healthcare Providers Face With Their Vendors
If you’re involved in a healthcare-based organization, you’ve likely noticed the push for stronger vendor security and vendor risk management (VRM) practices. There are a few reasons for this.