Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Cybersecurity in Europe is Improving: Thank You GDPR?
After years of debate over whether to impose new cybersecurity regulations on companies, General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules and cookie disclosure notices are popping up on more websites than ever.
Forecasting: The Missing Link in Your Annual Security Performance Planning Process
When it comes to security performance management within your organization, how do your security teams measure performance? If they’re using security ratings, they know that this objective, quantitative measurement is an effective place to start when evaluating performance in certain areas.
Forrester Recognizes BitSight as a Leader in Cybersecurity Risk Rating Solutions
This past Tuesday, Bitsight was named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 evaluation. This report evaluates the current offering and strategy of vendors in a particular technology market, such as security ratings. This is significant, as this is the first analyst report that has a core focus on evaluating security ratings services solutions side-by-side.
The Board’s Role in Cyber Risk Management: Advice from Top Directors
In today’s evolving threat landscape, corporate directors are increasingly asking for security performance updates from Chief Information Officers, Chief Information Security Officers, Chief Risk Officers, and other executives.
Improve IT Vendor Monitoring with Data-Driven Conversations
Businesses are becoming increasingly reliant on outsourced IT services to support day-to-day operations.
The State of Cyber Risk in Spain
In Spain, cybersecurity is becoming more of a priority among businesses across all industries. One way to quantify these cybersecurity postures is by looking at Spain’s security ratings across all markets. In Spain, Bitsight Security Ratings are on average 119 points below Europe as a whole. The highest performing industry is Real Estate, which has a security rating 71 points better than the European average. The lowest performing industries are Financial Services and Insurance, which are more than 200 security rating points lower than the average European rating. Given the sensitive data financial services companies possess, this report suggests there is a need for additional investment in cybersecurity and cyber risk management. As companies invest in digital transformation programs, their exposure to risk increases and requires an increased investment in risk management across their organization.
Best Practices for Cybersecurity Awareness Month with Stephen Boyer
October was Cybersecurity Awareness Month, which gave companies the opportunity to thoroughly examine their security and risk programs and identify where they can strengthen security practices. At Bitsight, we talk about risk management every day. We sat down with our Co-Founder & CTO, Stephen Boyer, to talk about the significance of having a risk-aware organization and proactive ways security ratings can help with risk management.
Streamline Your Bank's Third-Party Vendor Management Risk Assessments
Banks and other financial institutions are a proving ground for new risk management methods. High risk and intense regulations feed into a culture of serious, comprehensive security — a culture that has manifested in mature methodologies such as the three lines of defense.
Quantifying Cybersecurity Risk: A Beginners Guide
In a 2017 survey of almost 1,300 CEOs conducted by PwC, 63% of respondents said they were “extremely concerned” about cyber threats — up from just 8% in 2013.
BitSight Research Highlights Financial Services Security Ratings in the UK
Over the last several years, cybersecurity regulations (like NYDFS and GDPR) have placed pressure on the financial services industry to build and enforce some of the strongest risk management programs across any industry. These programs focus not only on internal security performance, but also on managing third party risk. Financial service organizations are both highly regulated and handle extremely sensitive personally identifiable information (PII), and as a result typically have higher security budgets when compared to other industries.
3 Cybersecurity Risk Factors Financial Institutions Often Overlook
With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on. The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered. With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly. Here are a few historically overlooked risk factors that deserve some additional attention:
BitSight Releases New VPNFilter & Oracle Weblogic Vulnerability Identification Filters
Within the Bitsight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.
3 Ways to Ensure Best-in-Class Third Party Cyber Risk Management
An effective third party cyber risk management program both identifies potential threats and finds ways to mitigate them. Organizations should aspire to the highest possible standards when it comes to their security posture. To do so, they must leverage the best technology, efficiently allocate resources, and strive for continual improvement.
Examining The Growing Cyber Risk Gap
In today’s business world, the desire to transact in the digital realm is dramatically accelerating and, unfortunately, so is the cyber risk that one takes on as a result. Organizations that handle sensitive data are more likely to become the targets of hackers who are looking to exploit this information stored within their network. Businesses now find themselves exposed to a growing “Cyber Risk Gap.” This gap is the outcome of the combined impact of the following:
4 Cybersecurity Risks Healthcare Providers Face With Their Vendors
If you’re involved in a healthcare-based organization, you’ve likely noticed the push for stronger vendor security and vendor risk management (VRM) practices. There are a few reasons for this.