Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Lack of Cyber Metrics Hamper U.S. Ability to Respond to Cyberattacks
As the nation struggles to come to terms with the coronavirus and questions linger around our readiness for such a pandemic, government leaders are already grappling with the next potential catastrophe — a major cyberattack against the U.S.
Hackers Target Defense Contractors in an Effort to Reach the Pentagon
The Department of Defense (DoD) has one of the largest supply chains in the world, scaling to hundreds of thousands of different vendors and partners. Yet, these vital partners in our nation’s defense infrastructure pose a huge cyber risk.
New Study Reveals Cybersecurity Risks in the World’s Largest Airports
Back in 1990, Hollywood producers imagined a complex plot in which an army of mercenaries with malicious intent hack into and take over the air traffic control system at Washington Dulles International Airport. The result was the classic movie, Die Hard 2.
The DoD’s Cybersecurity Maturity Model Certification Draws a Line in the Sand for Third Party Risk
Federal technology contractors hold the keys to our nation’s security in their networks, servers, and databases. Yet, recent incidents point to worrisome vulnerabilities that indicate increased cyber risk to defense contractors and the supply chain.
Australian Companies Now Have 6 Months For APRA Compliance
Early in 2019, unknown threat actors attempted to hack the Australian federal Parliament’s computer network and the servers used by every politician, staffer, and security officer in Parliament House. Authorities believe there is a strong chance this could have been executed by a state-based actor.
New Iranian Cyber Warfare Puts U.S. Networks at Risk
As tensions between the U.S. and Iran continue to heat up, a cyber war is already underway between the two nations.
Is Your Risk Management Program Ready for the New European Banking Authority’s Guidelines?
In June 2018, the European Banking Authority (EBA) put forth guidelines on outsourcing arrangements that highlighted the importance of risk management within financial organizations. The guidelines will be enforced later in 2019.
How Security Ratings Can Help Organizations Adhere to Hong Kong’s Cybersecurity Guidelines
The implementation of many strict cybersecurity regulations and requirements (including GDPR, NYDFS, and more) continues to increase on a global scale. 2018 has also brought about the continuation of strict cybersecurity regulations in the Asia Pacific region, most notably in Singapore, Australia, and Hong Kong. This year, one new requirement from 2017, the Securities & Futures Commission’s Guidelines, goes into effect.
Security Ratings of U.S. Federal Agencies & Government Contractors
The federal government relies on tens of thousands of contractors and subcontractors — often referred to as the federal “supply chain” — to provide critical services, hold or maintain sensitive data, deliver technology, and perform key functions. Along with the Federal Government itself, these contractors and subcontractors face a multitude of cyber threats.
From Framework to Application: Security Ratings and NIST
This is the introductory post in a series exploring how security ratings can address key aspects of the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity. The purpose of these posts is to outline how security and risk professionals can leverage Bitsight’s ratings to drive better risk management through the lens of the NIST framework.
Third-Party Risk Management Insights: 2015 Gartner Security & Risk Summit
In recent years, the US government has become a leading advocate for continuous monitoring of security threats and vulnerabilities. But how effective are departments and agencies in implementing these programs? And how do we measure success?