Insights blog.

Learn what really keeps security and risk leaders awake at night, plus solutions they can use to maximize their security resources and better manage an expanding attack surface.

Learn why cybersecurity transparency matters and how you can achieve it quickly and at scale across your vendor portfolio.

The Bitsight Badge enables an organization to prove their focus on security, increase transparency, and showcase the hard work they put into enhancing security performance.

Ransomware can gain access to your network through your third party ecosystem - and it may be more likely than you think. Read our latest blog to learn the three most effective ways to defend against third party ransomware risk.

What is a botnet? A botnet is a collection of networked devices that are infected by malware and hijacked to carry out scams and data breaches.

Learn what you can do to defend against cyber attacks and achieve a state of cyber resilience.

Cybersecurity is a priority for any organization and a big-ticket budget line item. But before investments in security are made, your organization must understand what it is doing right and where improvements to your cybersecurity program are needed.

Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.

It’s hard to believe, but Bitsight is celebrating our 10 year anniversary this week! I co-founded Bitsight in 2011 with my friend and grad school classmate, Nagarjuna Venna. When I think back at our original idea of creating a global cybersecurity ratings system, I’m surprised that our original thesis and vision still holds true today. It’s been an incredible journey filled with twists and turns, and I wanted to share some thoughts about where we’ve been and where we’re headed in the next decade.

Not long ago, corporate executives would give only passing thoughts to their organization’s cybersecurity postures. Leadership and board members would take notice in the wake of a major data breach, for example, or a couple of times a year as a “check the box” exercise to maintain compliance with regulations. Overall, however, cybersecurity analytics didn’t really garner much attention.

A week ago (which seems like a world ago given everything that’s happened with SolarWinds) Phil Venables -- formerly CISO of Goldman Sachs and now CISO of Google Cloud -- posted an interesting expose on security ratings this week. Phil has a better perspective than most on the value and challenges of ratings not only because of the positions that he’s held but also because he is one of the authors of the Principles of Fair and Accurate Security Ratings. These principles also guide how Bitsight thinks about our rating overall.

Online services, e-commerce sites, videoconference, delivery services, and all other kinds of services are growing exponentially, exposing users and data to new risks and threats.  Users expect that the sites and services they rely on are using best practices when it comes to security.  But are they?

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on a day-to-day basis.

Cyber risk and regulatory compliance are two sides of the same coin in the Financial Services sector. Together, they spur Financial Services companies to take action to protect customers, their business and the global financial ecosystem from the malicious cyber attacks or the risk of critical system failures.

The evolution of the technology environment and related security threats is so fast paced it often seems businesses and regulators are playing an endless game of catch-up.

The regulatory environment is evolving rapidly as national and international regulatory bodies attempt to keep pace with changing business models, technology infrastructure and continuously escalating cyberthreats.