Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![2023 cybersecurity trends](/sites/default/files/styles/4_3_small/public/2023/01/05/2023%20Cybersecurity%20Trends%2C%20SIZED.jpg.webp?itok=ZeCV0pCH)
Bitsight teamed with Moody’s Investors Service to discuss the cybersecurity trends to watch in 2023 and how security leaders can adapt their programs to increase preparedness.
![risk quantification scale](/sites/default/files/styles/4_3_small/public/2022/11/21/Shutterstock_1135785197.jpg.webp?itok=-qLjy64N)
Cyber risk quantification methods can help you talk about risk in terms of business and financial impacts. Here’s how to find the right method for your organization.
![white house IoT security ratings](/sites/default/files/styles/4_3_small/public/2022/10/20/white-house-banner-min.jpg.webp?itok=vt5vNH-t)
Representatives from the public and private sectors intend to form a labeling system, launching in 2023, in which products are rated based on their cybersecurity.
![Information Security In Banking & Finance Industry: 3 Critical Vendor Risks](/sites/default/files/styles/4_3_small/public/migration/images/Information%2520Security%2520In%2520Banking%2520-%2520BitSight_1.jpg.webp?itok=TVGkWjOz)
The NCUA Board approved a proposed rule that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.
![NIST, Security Guidance](/sites/default/files/styles/4_3_small/public/2022/07/01/NIST%20Guidance_SIZED.jpg.webp?itok=W_NogpX6)
New guidance from the U.S. National Institute of Standards and Technology (NIST) provides important information for organizations seeking to improve their software supply chain security. NIST recommends a variety of best practices.
![cyber risk mitigation](/sites/default/files/styles/4_3_small/public/2021/11/16/cyberrisk%20mitigation.jpg.webp?itok=bH50Ze-R)
The federal government is using every tool possible to deter and disrupt retaliatory cyberattacks against critical national infrastructure. Under the Strengthening American Cybersecurity Act, covered critical infrastructure entities are required to report substantial cybersecurity incidents to CISA within 72 hours. Learn more.
![The state of cyber incident disclosure](/sites/default/files/styles/4_3_small/public/2022/03/28/From%20Months%20to%20Minutes%2C%20Sized.jpg.webp?itok=u2Oihzlw)
Are organizations prepared to meet new cyber incident disclosure requirements? The latest report from Bitsight's data analysts shows it might be easier said than done.
![Cybersecurity in banking, showing people using contactless banking](/sites/default/files/styles/4_3_small/public/2022/01/24/3%20Cybersecurity%20Banking%20Trends%202022%2C%20Sized.jpg.webp?itok=h3nTzMiz)
Rapidly evolving risk and the digitization of banking are creating new threats. Here are three cybersecurity in banking trends to watch this year.
![Dora blog image 2](/sites/default/files/styles/4_3_small/public/2022/01/05/DORA%20blog%20image%202.png.webp?itok=r7P-SwY2)
The Digital Operational Resilience Act is set to go into action in early 2022. Learn how Bitsight can help your organization meet the compliance requirements.
![Measuring an acceptable level of supply chain risk](/sites/default/files/styles/4_3_small/public/2021/12/23/Inherent%20Cyber%20Risk%2C%20Sized.jpg.webp?itok=Qeb3gWyw)
What does your organization consider an acceptable level of inherent cyber risk in its vendor portfolio? Learn how to establish that threshold and focus resources where they’re needed most.
![Taking Data Privacy Further: Prioritizing Privacy and Continuous Improvement](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1432137119.jpg.webp?itok=Sc8zRx9s)
Bitsight, the Standard in Security Ratings, has established itself as not only a clear leader in security ratings but now also in the burgeoning field of data privacy.
In an effort to demonstrate to its customers how seriously it takes protecting their data, and to lead the market to implement more comprehensive data privacy systems and practices, Bitsight is now the proud recipient of TrustArc’s TRUSTe APEC CBPR Enterprise Certification and the TRUSTe APEC PRP Enterprise Certification.
In order to receive this designation, Bitsight completed a demanding certification process based on a comprehensive set of requirements governing data privacy management practices, including the privacy standards set forth in the APEC Cross Border Privacy Rules (CBPR) and the APEC Privacy Recognition for Processors (PRP) Systems. These practices are further detailed in the TRUSTe Enterprise Privacy & Data Governance Practices Assessment Criteria.
![The Digital Operational Resilience Act (DORA) - What you need to know](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_120539965-1_0.jpg.webp?itok=dFZRO61w)
The European Union (EU) will soon launch a new regulation that will require banks and firms in the global financial industry to mature their third-party risk management programs to include set cybersecurity requirements – which will also apply to the critical Information and Communication Technology (ICT) service providers they are working with.
![What’s Most Notable in Biden’s Cybersecurity Executive Order?](/sites/default/files/styles/4_3_small/public/migration/images/Digital%2520American%2520Flag_1.png.webp?itok=g9t4_ERi)
In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity (EO 14028) on May 12, 2021.
Overall, the EO starts to fill in some critical gaps in US government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but will also have significant impact on private sector service providers (e.g. software providers) who will now be required to meet new security requirements in order to do business with the U.S. government.
![Top 3 Most Common Cybersecurity Models Explained](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1624789885_2.jpg.webp?itok=Iec-g2ip)
Security risk managers often face many of the same roadblocks, even if they are managing programs of different sizes or in different industries. Basing security practices on well-known, and in some cases government-regulated, cybersecurity models will mature your program and help it overcome process inefficiencies.
![NIST Cybersecurity Framework Now Includes Guidance For Federal Agencies](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--192553642_1.jpg.webp?itok=_6kSxsMd)
Recently, the National Institute of Standards & Technology (NIST) released a guide for federal agencies on applying the NIST Cybersecurity Framework to their own operations. This comes during a time of heightened attention on the government's cybersecurity efforts leading up to the election.