Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Automated vendor risk assessment program](/sites/default/files/styles/4_3_small/public/2023/03/13/Automated%20Vendor%20Risk%20Assessment%2C%20SIZED.jpg.webp?itok=3Lq_qH-m)
Using automated vendor risk assessment capabilities and tools you can eliminate manual processes, scale your VRM program, and quickly mitigate risk.
![BitSight Ratings Tree, person working on laptop utilizing the ratings tree](/sites/default/files/styles/4_3_small/public/2022/06/09/Reflect%20your%20Security%20Posture%20-%20Ratings%20Tree%20Blog.jpg.webp?itok=kTCkFv27)
The Bitsight Ratings Tree gives you insight into the different portions of your business to identify gaps and weaknesses in your program performance.
![security ratings supercharge compliance](/sites/default/files/styles/4_3_small/public/2023/11/16/security%20ratings%20supercharge%20compliance_1.jpeg.webp?itok=8oy3OkDQ)
Amid a rise in regulatory pressure for cybersecurity leaders in Europe, with DORA and NIS2 as the most recent examples, cyber risk analytics emerge as an instrumental tool in ensuring compliance. Here's why.
![Newest Risk Vectors Highlight Innovation in Security Ratings](/sites/default/files/styles/4_3_small/public/2022/05/24/Newest-Risk-Vectors-Highlight-Innovation-in-Security-Ratings-min.png.webp?itok=43HnAQGw)
Within the Bitsight Security Ratings platform, we analyze risk vectors specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. Over the past few months, Bitsight has added new risk vectors to enhance the insights across the “spectrum of risk” and provide a more comprehensive picture of an organization’s security posture. These risk vectors will not be factored into our rating calculation until we update and expand the rating algorithm once every year. However, they still provide extremely valuable information to Bitsight users. As new threats emerge, Bitsight understands the important role that these threats play in the security ratings industry. This is why we continuously add to our list of risk vectors — it is critical that security ratings services are dynamic in nature and able to incorporate the identification of these risks into their service.
![Busting the Myths: Is Proprietary Data the Only Data That Counts?](/sites/default/files/styles/4_3_small/public/migration/images/8.25-Blog-Thumb_1.png.webp?itok=OPCdhTFv)
In the security ratings market, some offerings claim that a staggering percentage of the data they leverage is proprietary, and downplay the value of externally sourced data. While these companies may state that (close to) 100% of their data collection on IP maps, DNS records, event data and more is proprietary, there are several reasons why this is problematic. Let’s break down the myths surrounding this issue one at a time.
![CISO Education Requirements: Degrees, Training Courses, and Certifications](/sites/default/files/styles/4_3_small/public/2022/06/08/AdobeStock_232968888_1.jpg.webp?itok=BinrDNl-)
About 25 years ago, the evolution of the overall digital ecosystem necessitated the creation of the first CISO role. Now, 61% of companies have a CISO.
![Third Party Tiering: The Cornerstone of a Strong Third-Party Risk Management Program](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Business-Hierarchy-Ranking-An-196512991_1.jpg.webp?itok=CXLZmNjX)
With the number of third parties connected to businesses increasing, risk and security teams need to ensure they are devoting the right amount of attention to the right third parties. To do this, organizations need a clearly defined, tiered portfolio of third parties, vendors, and suppliers. Today, many companies tier their third parties based on the inherent risk they present and the types of data they handle or have access to.
![Do You Need to Create Segmented Networks to Protect Critical Assets?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_591206291_1.jpg.webp?itok=vR-Owa5h)
Network segmentation — the act of dividing a network into multiple smaller, isolated networks that are not visible from the outside — has long been used to reduce cyber risk. At its core, segmentation assumes a “zero trust” approach to protecting digital environments and minimizes access to digital assets for those who don’t need it, while enabling access for those who do. Should a breach occur, that threat is contained in the segmented network so it doesn’t propagate to other assets.
![Self publish and primary rating](/sites/default/files/styles/4_3_small/public/2022/12/19/Self%20Publish%20Primary%20Rating%20blog%20image.jpg.webp?itok=UW-e_j6L)
Bitsight enables companies to create a rating based on the infrastructure that best represents their company, called a Self-Published rating, and then share it publicly as a Primary Rating.
![Vendor, Security posture](/sites/default/files/styles/4_3_small/public/2022/07/15/How%20to%20Measure%20Your%20Vendors%E2%80%99%20Security%20Posture%20sized.jpg.webp?itok=sxgKuouB)
Learn how to onboard vendors securely and at speed with automated, data-driven insights into your vendors’ security postures.
![bitsight rating algorithm update](/sites/default/files/styles/4_3_small/public/2023/04/19/Header_RAU.png.webp?itok=6ZE8BbXS)
We have made several adjustments to continue to provide Bitsight users with the best external indicator of the performance of cybersecurity controls.
![Security Ratings Historical Performance Graph](/sites/default/files/styles/4_3_small/public/2022/07/29/Security%20Ratings%20Historical%20Graph_orig.jpeg.webp?itok=MjrN5Z4o)
Security ratings, or cyber security ratings, are a data-driven, objective and dynamic measurement of an organization’s security performance. Thousands of organizations around the world use Bitsight Security Ratings as a tool to address a variety of critical, interconnected internal and external use cases at scale in order to enable more effective decision making throughout the global business ecosystem.
![Tea leaves in a cup, representing that you need to interpret information](/sites/default/files/styles/4_3_small/public/2023/01/27/Reading%20Tea%20Leaves%2C%20SIZED.jpg.webp?itok=IuJ3gyex)
On the surface, the Bitsight Rating and associated Risk Vectors look self-explanatory, but there's an artistic element as well. In the case of Bitsight, that means having a thorough understanding of cybersecurity and drawing inferences from the data.
![system hacked](/sites/default/files/styles/4_3_small/public/2022/11/18/Shutterstock_1916985977%20%281%29.jpg.webp?itok=HLYjHJLd)
A study reveals the correlation between these security flaws and the likelihood of cybersecurity incidents. Learn more.
![Schneider Announcement](/sites/default/files/styles/4_3_small/public/2023/10/13/bitsight-schneider-electric-blog-banner-min.jpg.webp?itok=gSophSL0)
Cybersecurity threats targeting operational technology (OT) present costly challenges for organizations globally. Learn why Bitsight partnered with Schneider Electric to bring customers enhanced Industrial Control System (ICS) detection capabilities. Read more.