Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Creating a Cybersecurity Awareness Culture at Financial Institutions](/sites/default/files/styles/4_3_small/public/migration/images/Creating_a_Cybersecurity_Awareness_Culture_at_Financial_Institutions_1.jpg.webp?itok=iUxlRJ1S)
Banks and other financial institutions have always been burdened with a greater need for security than other industries. In the past, that meant hiring 24/7 guards and locking cash away in reinforced bank vaults. Today, it means having best-in-class cybersecurity teams and state-of-the-art detection and response technology. However, when it comes to preventing data breaches, having the best cybersecurity experts and the fanciest tech isn’t always enough. Here’s how the FDIC puts it in their Framework for Cybersecurity:
![Building Trust in the Digital Era -The Importance of Effective Cybersecurity and Exposure Management](/sites/default/files/styles/4_3_small/public/2023/03/22/Building%20Trust%20in%20the%20Digital%20Era-The%20Importance%20of%20Effective%20Cybersecurity%20and%20Exposure%20Management.jpg.webp?itok=NUyOwQNa)
How cybersecurity leaders can manage an expanding attack surface, increasing vulnerabilities, and growing demands from stakeholders.
![Cyber resilience vs cybersecurity, two people creating a plan for each](/sites/default/files/styles/4_3_small/public/2022/01/14/Cyber%20Resilience%20vs%20Cybersecurity%2C%20sized.jpg.webp?itok=GCRB5wn4)
What is cyber resilience vs. cybersecurity and why in today’s digital economy you need a plan for both.
![cyber risk appetite](/sites/default/files/styles/4_3_small/public/2021/11/14/cyber%20risk%20appetite.jpg.webp?itok=0bl9Z0Hz)
As cyberattacks surge, you’re charged with protecting your organization’s expanding digital footprint. But what about the risk posed by vendors?
![4 Ways to Improve Cybersecurity Collaboration Between Security Teams and the C-Suite](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_748719808.png.webp?itok=6ol21rwz)
Recent events have made cybersecurity a top concern among C-suite executives. The SolarWinds breach, Capital One incident, and Colonial Pipeline attack are just a few of the noteworthy events that have made CEOs and CFOs take active roles in discussions around risk mitigation.
![CIO Vs. CISO: Who Does What?](/sites/default/files/styles/4_3_small/public/migration/images/CIO%2520Vs%2520CISO%2520Who%2520Does%2520What%2520-%2520thumb_1.jpg.webp?itok=9CUQn_Nm)
Every organization handles security differently, based on their needs and internal structure — but in some mid-sized and large companies, both the chief information officer (CIO) and the chief information security officer (CISO) are involved.
![What Companies Using Cloud Computing Services Need To Know About Their Risk Responsibilities](/sites/default/files/styles/4_3_small/public/migration/images/AWS%2520Cloud%2520Computing%2520blog%2520picture_1.jpg.webp?itok=RBgeaqMi)
Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But who is responsible for breaches of data in the cloud: the service provider or the organization using its services?
![Do You Have What it Takes to Achieve Digital Resilience?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1709609737.jpg.webp?itok=wbHtLeTI)
The term “digital resilience” has gained momentum over the past few years as cybersecurity threats have grown, but what does it really mean? And how can a company become digitally resilient?
![Bitsight and Diligent partner](/sites/default/files/styles/4_3_small/public/2023/07/18/Diligent-and-Bitsight.jpg.webp?itok=K44DP7gJ)
Bitsight & Diligent launch extension partnership focused on correlated, independent, & comparable cyber ratings within Diligent’s Board Reporting for IT Risk.
![What is Cyber Security Performance Management?](/sites/default/files/styles/4_3_small/public/migration/images/What%2520is%2520SPM_1.png.webp?itok=kJBnM6Dp)
Security performance management (SPM) helps security and risk leaders take a risk-based, outcome-driven approach to assessing and managing the performance of their organization’s cybersecurity program. With SPM, security leaders can continuously monitor and assess their organization’s current security state, analyze how security performance ranks against industry and peers, and create improvement plans that reduce cyber risk.
![Data Breach Blog](/sites/default/files/styles/4_3_small/public/2023/08/04/Data%20Breach%20Blog.jpg.webp?itok=hz-W8Ea5)
Read Bitsight breach research by looking at the evolution of reported incidents over the past years to identify trends and global patterns.
![cybersecurity due diligence](/sites/default/files/styles/4_3_small/public/2021/11/14/Cybersecurity%20due%20diligence.jpg.webp?itok=30i3UhEx)
If your organization is entering into a relationship with a vendor or partner, vendor due diligence is key to mitigating third-party risk.
![Do You Need to Create Segmented Networks to Protect Critical Assets?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_591206291_1.jpg.webp?itok=vR-Owa5h)
Network segmentation — the act of dividing a network into multiple smaller, isolated networks that are not visible from the outside — has long been used to reduce cyber risk. At its core, segmentation assumes a “zero trust” approach to protecting digital environments and minimizes access to digital assets for those who don’t need it, while enabling access for those who do. Should a breach occur, that threat is contained in the segmented network so it doesn’t propagate to other assets.
![cybersecurity intelligence](/sites/default/files/styles/4_3_small/public/2023/08/03/cybersecurity%20intelligence.jpeg.webp?itok=-AuPpnQu)
Cybersecurity intelligence is a powerful weapon against risk. Learn how you can improve your cyber data collection, analysis, and sharing to mitigate emerging threats.
![what is vulnerability management](/sites/default/files/styles/4_3_small/public/2023/03/08/what%20is%20vulnerability%20management.jpg.webp?itok=-1gUWtzs)
As the attack surface expands, vulnerability management offers a strategic approach to manage exposure and remediate on time. Here's what you need to know.