Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Why Bayer Chose BitSight](/sites/default/files/styles/4_3_small/public/migration/images/BAYER_1.png.webp?itok=D11R9vdN)
Companies must build a “trust and verify” strategy when it comes to managing third-party risk. Requesting documentation about a supplier’s security performance is good, but how can you verify it? How can you continuously review performance?
![Cloud outsourcing poses new challenges for regulators and Financial Services](/sites/default/files/styles/4_3_small/public/migration/images/Strategic%2520cloud%2520outsourcing_EMEABlog_1.jpg.webp?itok=XpAY-Ml1)
Cyber risk and regulatory compliance are two sides of the same coin in the Financial Services sector. Together, they spur Financial Services companies to take action to protect customers, their business and the global financial ecosystem from malicious cyber attacks or the risk of critical system failures.
![3 Ways to Avoid the Top Causes of Data Breaches](/sites/default/files/styles/4_3_small/public/migration/images/3%2520Ways%2520to%2520Avoid%2520blog%2520post-1_1.png.webp?itok=Ny6AlRDp)
As the number and costs of cyber-attacks and data breaches continue to rise, more money is being thrown at the problem. IDC projects that by 2022, organizations will spend $133.8 billion to protect their IT infrastructures against cybersecurity threats.
![Financial services in Asia Pac face regulatory driven scrutiny of cyber risk management](/sites/default/files/styles/4_3_small/public/migration/images/blog_apac_financial_services_regulations_1.jpg.webp?itok=qaqYjmeb)
The evolution of the technology environment and related security threats is so fast paced it often seems businesses and regulators are playing an endless game of catch-up.
![Control and Accountability: The New Watchwords for Regulatory Compliance](/sites/default/files/styles/4_3_small/public/migration/images/control_accountability_blog_1.jpg.webp?itok=qkHuwdMy)
The regulatory environment is evolving rapidly as national and international regulatory bodies attempt to keep pace with changing business models, technology infrastructure and continuously escalating cyberthreats.
![Third-Party Vendor Risk Management for Financial Institutions](/sites/default/files/styles/4_3_small/public/2022/02/18/Third-Party%20Vendor%20Risk%20Management%20for%20Financial%20Institutions.png.webp?itok=9j-pJubH)
The nature of financial services necessitates global connections and vast third-party ecosystems, with connections to millions of users and devices. This makes financial services firms a favorite target for cyber criminals, accounting for a full 10% of global breaches in 2018.
![New Study: Why Cybersecurity Breach Survivors Are Your Firm’s Most Valued Asset](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1357654529-3_1.png.webp?itok=y87ZvMem)
No one wants to talk about their failures, especially in the cybersecurity realm where the stakes are high. But new insight from Symantec and Goldsmiths, University of London, finds that security professionals who have lived through a cybersecurity attack or breach could be the answer to protecting your organization against future threats.
![BitSight Study: Just How Secure is the Business Services Sector?](/sites/default/files/styles/4_3_small/public/migration/images/Business%2520Services%2520Blog_1.jpg.webp?itok=DOtKZHgy)
Management consultants, accountants, public safety offices, marketing firms, and many more business and professional services organizations are high-value targets for cybercriminals due to the range of confidential client information they handle. Companies in this sector should all have solid security postures — and many do. But there’s still an alarming number of enterprises that do not.
![Airbus Incident Shines Spotlight on Third-Party Vendor Security Risks](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1319730824_1.jpg.webp?itok=SWXTMUgV)
2019 has been a year of high-profile attacks, and, as we predicted, it’s only getting worse. That’s certainly the case for Airbus.
![Financial Data Breaches 2019: Capital One, First American, Desjardins, More](/sites/default/files/styles/4_3_small/public/migration/images/AdobeStock_93365244-min-1_1.jpeg.webp?itok=svdukgNU)
Cyber attacks are occurring more frequently and banks, insurance companies, and other financial services firms are prime targets. Due to the nature of these businesses and the sensitivity of their data, financial firms are hit with approximately 300 times more cyber attacks than businesses in other industries.
![Social Engineering: How Attackers Exploit People's Vulnerabilities](/sites/default/files/styles/4_3_small/public/migration/images/9.28%2520-%2520Social%2520Engineering%2520Blog_1.jpg.webp?itok=1c7i60GQ)
A new report from the Information Security Forum (ISF) contains some fascinating insights into how hackers probe and exploit people's psychological vulnerabilities to gain access to corporate systems. From phishing to "whaling" (targeting high level executives) to "baiting" (offering something in return for credentials or information), hackers are using several tactics to gain a foothold. They also know the best time to deploy those tactics – at the end of the day, for example, when a person is tired and may not make the best decisions.
![Just How Secure is the Technology Sector?](/sites/default/files/styles/4_3_small/public/migration/images/924%2520Blog_3.jpg.webp?itok=dZzXDUA3)
Technology companies — along with their partner ecosystems — are some of the most targeted organizations when it comes to cyber-attacks. In 2018, enterprises invested an average of 3.5 million on cloud apps, platforms, and services — making the sensitive information held in those platforms a top target for hackers.
![BitSight Study: Healthcare Sector is Far Too Vulnerable to Cyber Threats](/sites/default/files/styles/4_3_small/public/migration/images/917%2520Blog%2520%25281%2529_1.jpg.webp?itok=BcJCXMnM)
Healthcare is under attack. Hospitals, doctors’ networks, insurance companies, and others are prime targets for hackers due to the valuable protected health information (PHI) they store and the vital role they play in our nation’s critical infrastructure.
![Study: Hackers Look to Maximize Damage With New Ransomware Strategy](/sites/default/files/styles/4_3_small/public/migration/images/823%2520blog_1.jpg.webp?itok=D32EJSYX)
Cybersecurity threats are becoming more sophisticated, targeted, and potentially catastrophic. This is particularly true of the most dominant form of cyberattack – ransomware.
![SOC Stress: The Security Threat That Nobody is Talking About](/sites/default/files/styles/4_3_small/public/migration/images/816%2520blog%2520%25282%2529_1.jpg.webp?itok=XFR-IU5c)
Stress and burnout are emerging as perhaps the biggest threat to corporate security. Long hours, alert overload, and a lack of visibility into their IT infrastructure have many security professionals reconsidering their chosen careers.