Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
What is continuous monitoring vs. continuous security testing and why you need both to protect your organization against third-party risk.
Learn how to mitigate supply chain attacks by improving visibility into your third-party attack surface.
Data exfiltration is the unauthorized transfer of data from a host device, such as an application, database, or server. Here’s how you can prevent it.
Third-party vendors are a vital part of your business ecosystem. But if you’re not careful, these companies can introduce cyber risk. The SolarWinds supply chain hack is a notable example of the jeopardy that even the most trusted partnerships can yield.
Learn how to secure your expanding cybersecurity ecosystem, including your supply chain.
These questions will help you choose the best VRM tool that will take your program to the next level.
Your interconnected supply chain needs trust in you, and you in them. But how can you build trust when visibility is low and resources are limited?
Supplier due diligence can protect your organization from third-party risk. Here are best practices for doing it effectively.
The modern attack surface is expanding, presenting new challenges to the status quo of cyber supply chain risk management. Let’s analyze the evolving landscape, and highlight key shifts important to your organization.
New guidance from the U.S. National Institute of Standards and Technology (NIST) provides important information for organizations seeking to improve their software supply chain security. NIST recommends a variety of best practices.
Organizations remain concerned about the potential implications to their own security posture as a result of the Okta cyber attack. It's important to identify where risks are present throughout your third-party landscape.
The situation between Russia and Ukraine has been escalating since the start of January, when Russia stationed more than 100,000 troops along the Ukrainian border. Although cyber security is not the primary concern in the current situation, there is a cyber security component that absolutely should not be overlooked.
We believe a war in the region would have a direct impact on the cyber threat landscape. Both Poland and Lithuania have recently raised their countries' alert level, just hours after Ukraine reported its defense ministry and two banks had been hacked. In the US, CISA has issued a recommendation for all organizations, regardless of size, to adopt a heightened posture when it comes to cybersecurity. Meanwhile, Russia launched a full-scale attack on Ukrainian territory, which is still developing, and its full reach remains to be seen.
A critical vulnerability that allows for unauthenticated remote code execution has been discovered in Apache Log4j 2, an open source Java logging tool. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228.
“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.
Cyber risk management should be a priority for any organization. And while there are many measures your business can take to reduce cybersecurity risk across the enterprise, how do you discover and remediate unknown risks that may be lurking in the networks of third parties?
In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 8, 2021.
Overall, the EO starts to fill in some critical gaps in US government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but will also have a significant impact on private sector service providers (e.g. software providers), who will now be required to meet new security requirements in order to do business with the U.S. government.