Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
A Security Score vs. A Security Rating: What’s The Difference?
This post was originally published July 18, 2016 and has been updated for accuracy and comprehensiveness.
BitSight Study: Healthcare Sector is Far Too Vulnerable to Cyber Threats
Healthcare is under attack. Hospitals, doctors’ networks, insurance companies, and others are prime targets for hackers due to the valuable protected health information (PHI) they store and the vital role they play in our nation’s critical infrastructure.
What Boards of Directors Are Missing about Cybersecurity
Cyberattacks have increased significantly in recent years, bringing vital conversations about cybersecurity into the Boardroom. As Board oversight of cybersecurity has increased, Board members — even those without technical expertise — have had to become rapidly acquainted with IT risk and security concepts. In the past few years, frameworks and best practices have emerged to help these Boards get a grip on their organization’s cybersecurity posture.
Research Paper Validates Security Ratings’ Correlation to Likelihood of Breach
This spring, the research paper titled “Risky Business: Assessing Security with External Measurements” was published on Cornell’s academic resource site. Authored by former Bitsight data scientist Jay Jacobs, as well as fellow academics Stephanie Forrest and Benjamin Edwards, this paper highlights the research done to correlate security ratings with the incidence of a breach. As such, the paper demonstrates how an organization’s security practices can be measured externally and how these practices can be linked to observed security problems. Using statistical analysis, the authors then study the correlation between risk vectors and botnet infections. The paper argues that this information is sufficient to assess the security maturity of an organization using only externally available information.
The Board’s Role in Managing Disruptive Risk: Enter Security Ratings
Today, disruptive risks are an area of focus for corporate directors worldwide. On a global basis, we face disruptions in areas like geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate change.
BitSight Security Ratings Platform Expands Its Visibility in Compromised Systems
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.
Forrester Recognizes BitSight as a Leader in Cybersecurity Risk Rating Solutions
This past Tuesday, Bitsight was named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 evaluation. This report evaluates the current offering and strategy of vendors in a particular technology market, such as security ratings. This is significant, as this is the first analyst report that has a core focus on evaluating security ratings services solutions side-by-side.
Using Security Ratings to Drive Organizational Performance
An increasing number of security and risk teams are using security ratings to effectively assess the impact of their security programs as well as communicate changes to key decision makers — like the Board of Directors. These teams know that their company needs tools that provide an objective and quantitative view of their cybersecurity performance over time.
Fact or Fiction (Part 2): More Misconceptions About Third-Party Risk Management
Over the course of this blog series, we’ve addressed some of the major concepts surrounding third-party risk, as well as addressed some misconceptions. In this final post, we’ll continue to examine the last three of the top notions surrounding third-party risk management programs and weed out fact from fiction.
Cybersecurity Metrics Your CIO Expects You to Know
In today’s landscape, managing your internal security processes as well as creating a third-party vendor risk management program should be top of mind, but prioritizing a solid understanding of the metrics surrounding your cybersecurity programs is almost just as important. These metrics should dive deeper than “yes” or “no” questionnaire answers and should help you gain a more comprehensive understanding of where you and your third parties fall when it comes to proactively mitigating cyber risk.
A Forward-Looking View Into Security Performance
For the last five years, Bitsight Security Ratings have been helping companies gain insight into the efficacy of their security programs, as well as the security performance of third and fourth party vendors. Today, the Bitsight Security Rating platform provides a year’s worth of data on all companies to paint a comprehensive picture of a company’s security posture over time.
BitSight Research Highlights Financial Services Security Ratings in the UK
Over the last several years, cybersecurity regulations (like NYDFS and GDPR) have placed pressure on the financial services industry to build and enforce some of the strongest risk management programs across any industry. These programs focus not only on internal security performance, but also on managing third party risk. Financial service organizations are both highly regulated and handle extremely sensitive personally identifiable information (PII), and as a result typically have higher security budgets when compared to other industries.
BitSight Releases New VPNFilter & Oracle Weblogic Vulnerability Identification Filters
Within the Bitsight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.
BitSight Raises $60 Million in Series D Funding To Further Cement Status as Security Ratings Leader
Last Thursday, Bitsight announced the closing of our Series D Round of funding. Not only is this important for our company, it is also extremely significant for the security and risk market as a whole.
Why We Collaborated with Verizon on the Verizon Risk Report
Recently, Verizon announced the Verizon Risk Report (VRR), a new managed service offering that provides a security assessment framework to enable customers to gain a comprehensive view of their cyber risk. By combining external cybersecurity ratings, internal analysis, and culture and process assessments, Verizon is able to provide customers with a holistic profile of security performance and current posture, enabling customers to prioritize security investment and mitigate risks.
The launch