Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Risk Universe Explores Vendor Risk Management with Mike Duffy](/sites/default/files/styles/4_3_small/public/migration/images/riskuniverse-logo_1.jpg.webp?itok=iv6h0D0l)
With increased emphasis on third-party risk management coming down from regulators and executive boards alike, cyber risk in the extended enterprise is shaping up to be a hot topic in 2014.
![Third-Party Risk Management Insights: 2015 Gartner Security & Risk Summit](/sites/default/files/styles/4_3_small/public/migration/images/cta-banner-bg_34.png.webp?itok=ArzrhB3E)
On December 20, 2013, soon after news of Target’s data breach broke, Venky Ganesan (Managing Director at Menlo Ventures and Bitsight Board Member) talked about Bitsight on CNBC. When asked about cutting-edge technology in the cyber risk management space, Venky responded, “I think the most important thing we find right now is that security has become a board room issue. Everybody in the board room wants to know how secure are we, how can we measure security, and how can we manage it. We have an investment in a company called Bitsight that lets us get a rating on how secure your infrastructure is.”
![Shaun McConnon on Compliance & Security Risk](/sites/default/files/styles/4_3_small/public/migration/images/risk-mgmt-monitor_1.png.webp?itok=rVQIp5Qv)
On November 20th, Bitsight CEO Shaun McConnon was published by the Risk Management Monitor. His article, "Looking Beyond Compliance When Assessing Security" explores how risk managers can take a more comprehensive approach to mitigating security risk by augmenting traditional audits, questionnaires, tests and assessments with a continuous evaluation of security effectiveness.
![Cyber Risk Emerges as an Independent Category of Enterprise Risk Reporting](/sites/default/files/styles/4_3_small/public/migration/images/Mike-Duffy_1.jpg.webp?itok=JeCQGgjq)
This post is contributed by guest blogger Michael Duffy, a member of Bitsight's Board of Directors.
![In Search of Useful Models](/sites/default/files/styles/4_3_small/public/migration/images/useful-models-for-security-risk-measurment_1.png.webp?itok=MbFvX1xS)
I was in graduate school when I first heard the well-known quote by statistician George Box: “Essentially, all models are wrong, but some are useful.”
![Security Risk Management: Should You Take A Reactive or Proactive Approach?](/sites/default/files/styles/4_3_small/public/migration/images/reactive-or-proactive-security-risk-management_1.jpg.webp?itok=jNVbpeWO)
In a world of evolving threats, executives are faced with the challenge of deciding whether to allocate scarce security resources in proactive investments that may prevent attacks or in reactive investments in response to security failures. Some researchers have argued that the most effective security investments are those based on lessons from past attacks, particularly when defending against similar incidents.
![How is Partner Security Risk Being Managed Today?](/sites/default/files/styles/4_3_small/public/migration/images/Global-Business-Partners_1.png.webp?itok=M2i1sXQq)
Partner security risk is an important topic in the minds of risk officers today. With the number of companies being breached via third parties on the rise (New York Times, Bank of America, Twitter), this is clearly a big area of concern. In a survey conducted by Ponemon in February 2013, 65% of participants said their organization had a breach involving the loss or theft of their organization’s information when it was outsourced to a third party. In April 2013, the Information Security Forum (ISF) wrote "Of all the supply chain risks, information risk is the least well managed."