Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![global vendor breach](/sites/default/files/styles/4_3_small/public/2022/03/23/shutterstock_639700315.jpg.webp?itok=_y4NYmtx)
Organizations remain concerned about the potential implications to their own security posture as a result of the Okta cyber attack. It's important to identify where risks are present throughout your third-party landscape.
![Vendor security audit](/sites/default/files/styles/4_3_small/public/2022/03/21/Vendor%20Security%20Audit%2C%20Sized.jpg.webp?itok=31UMcGaI)
A vendor security audit can reduce third-party risk. Learn how you can mature your assessment process while saving time and resources.
![UK cyber resilience cyber security strategy webpage](/sites/default/files/styles/4_3_small/public/2022/02/28/UK%20Cyber%20Resilience%2C%20Sized.jpg.webp?itok=EZJ1xllP)
The UK Cyber Resilience 2022 strategy is a remarkable blueprint for any organization looking to improve cyber resilience. What lessons can be learned?
![Global supply chain risk](/sites/default/files/styles/4_3_small/public/2022/02/24/shutterstock_507719209.jpg.webp?itok=wZTdR-DH)
The situation between Russia and Ukraine has been escalating since the start of January, when Russia stationed more than 100,000 troops along the Ukrainian border. Although cyber security is not the primary concern in the current situation, there is a cyber security component that absolutely should not be overlooked.
We believe a war in the region would have a direct impact on the cyber threat landscape. Both Poland and Lithuania have recently raised their countries' alert level, just hours after Ukraine reported its defense ministry and two banks had been hacked. In the US, CISA has issued a recommendation for all organizations, regardless of size, to adopt a heightened posture when it comes to cybersecurity. Meanwhile, Russia launched a full-scale attack on Ukrainian territory, which is still developing, and its full reach still remains to be seen.
![Port of LA, shipping container in the port](/sites/default/files/styles/4_3_small/public/2022/06/17/Port%20of%20LA%20Cyber%20Resilience%20Center%20Sized-min.jpg.webp?itok=IoNUJp8A)
Disrupting the flow of goods and services is a keen priority for threat actors and critical infrastructure has long been a favored target. In 2021, the Colonial Pipeline ransomware attack caused a devastating impact to the economy when Russia-based hackers halted fuel movement along the critical U.S. Gulf and East Coast pipeline.
But this and other attacks may only be the beginning of an alarming ransomware trend aimed at U.S. critical infrastructure. Ransomware-as-a-service tools make ransomware easy to execute, making it the dominant cyber threat to enterprises in 2022. Indeed, the FBI recently warned that hackers have already developed ransomware code designed to disrupt critical infrastructure or industrial processes.
![Cyber intrusion, hacker looking at your network](/sites/default/files/styles/4_3_small/public/2022/02/07/Cyber%20Intrusion%2C%20Sized.jpg.webp?itok=_H7TnpQw)
Learn how to reduce the threat of cyber intrusion with a detection and prevention approach grounded in continuous monitoring.
![third party ransomware](/sites/default/files/styles/4_3_small/public/2022/02/01/shutterstock_1724155270.jpg.webp?itok=lVLHNvSn)
Learn what the disturbing ransomware trends mean for your organization and third-party vendors.
![Drawn image of sharing files between different vendors](/sites/default/files/styles/4_3_small/public/2022/01/10/Dos%20and%20Donts%20of%20Data%20Sharing%2C%20sized.jpg.webp?itok=bASZyxUT)
Learn how to protect your organization’s “crown jewels” with these do’s and don’ts of sensitive data sharing with vendors.
![Dora blog image 2](/sites/default/files/styles/4_3_small/public/2022/01/05/DORA%20blog%20image%202.png.webp?itok=r7P-SwY2)
The Digital Operational Resilience Act is set to go into action in early 2022. Learn how Bitsight can help your organization meet the compliance requirements.
![Measuring an acceptable level of supply chain risk](/sites/default/files/styles/4_3_small/public/2021/12/23/Inherent%20Cyber%20Risk%2C%20Sized.jpg.webp?itok=Qeb3gWyw)
What does your organization consider an acceptable level of inherent cyber risk in its vendor portfolio? Learn how to establish that threshold and focus resources where they’re needed most.
![New Study: Why Cybersecurity Breach Survivors Are Your Firm’s Most Valued Asset](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1357654529-3_1.png.webp?itok=y87ZvMem)
A critical vulnerability that allows for unauthenticated remote code execution has been discovered in Apache Log4j 2, an open source Java logging tool. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228.
“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.
![vendor risk management ransomware](/sites/default/files/styles/4_3_small/public/2021/12/06/ransomware-blog.jpg.webp?itok=58waN1-I)
The last two years have introduced new challenges to organizations across the globe -- from managing business operations through an ongoing pandemic; to a rapid-fire pivot to a digital mode of work; to an increase in cyber attacks targeting businesses directly, and through their supply chains.
![vendor risk management thumbs down](/sites/default/files/styles/4_3_small/public/2021/11/14/Closeup%20of%20womans%20hand%20gesturing%20thumbs%20down%20against%20chalkboard.jpg.webp?itok=fFXaY8Da)
Facebook and the apps under its umbrella, including Instagram and WhatsApp, were inaccessible for hours on Monday.
![How to Measure Cybersecurity Risk Across Your Digital Ecosystem](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_514749169_1.jpg.webp?itok=tC86_yYZ)
Cyber risk is everywhere. As organizations become increasingly interconnected — across business units, geographies, subsidiaries, remote offices, and third-party networks — the digital ecosystem is expanding rapidly. And this increased attack surface introduces a variety of new and evolving vulnerabilities.
![Best Practices For Managing Third Party Risk](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1698716524_1.jpg.webp?itok=E4rm62DO)
Properly managing third-party risk and preventing damaging outcomes that result from gaps in your vendor ecosystem can be difficult and costly. With the recent SolarWinds data breach wreaking havoc on thousands of organizations globally, including many Fortune 500 companies and organizations within the government sector, the need for efficiency when managing third-party risk has never been more top of mind.