Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
How To Communicate Cyber Risk As A CIO
Five to 10 years ago, communicating cyber risk wasn’t just difficult—it was downright rare. CISOs and CIOs were almost never asked to report metrics on cybersecurity to anyone except their direct supervisors.
The importance of monitoring third-party vendors has increased in recent years with the numerous data breaches originating in vendor systems. You have likely heard from news coverage of major breaches that because of how interconnected organizations are today, it’s critical to make sure your vendors aren’t leaving your data exposed.
Analyzing Cybersecurity & Reputational Risk Management In Financial Institutions
Reputational risk is the potential for damage to an organization’s character or good name. If a bank or financial institution is hit with an incident that puts a mark on its reputation, the event could compromise the company’s perceived legitimacy, thus affecting the number of current customers, prospective customers, shareholders, and the stock price. And because information is disseminated online and through social media so rapidly, this type of event could cause reputational harm almost immediately.
4 Things CISOs & Security Managers Are Thinking About Today
We were curious about what CISOs and security managers have on their minds these days—so we searched around online and asked a few to share their thoughts. Below, you’ll find some interesting insights and observations to get a good conversation started in your office.
How To Combat Security Risks In Cyber Insurance
As an underwriter in the cyber insurance industry, you know that insurance is all about information. You’re responsible for making decisions about your applicants based on the details given to you—but you’re also aware of the potential for asymmetry in this information.
A Breakdown Of Recent OCC-Issued Examination Procedures For Third-Party Risk Management
Financial regulators have long been concerned about the cyber risk associated with third-party-supplied products or services in financial institutions. For example, in 2013, federal financial regulators issued guidance to financial institutions on how to manage third-party cyber risk. In the years since that 2013 bulletin was published, attention on third-party risk has continued to increase, and the topic has appeared on several examination priorities published by the Office of the Comptroller of the Currency (OCC), the Securities and Exchange Commission (SEC), and the Federal Reserve.
4 Reasons Traditional Vendor Risk Management Strategies Fall Short
Vendor risk management (VRM) is the practice of evaluating business partners, associates, or third-party vendors both before a business relationship is established and for the duration of your business contract. This is a difficult—albeit necessary—process all companies should go through when they enter into a third-party relationship.
4 Cybersecurity Trends You'll See In 2017
During 2016, a lot happened in the realm of cybersecurity, and we witnessed a number of noteworthy events and trends:
The Top 7 CIO Challenges In 2017
In today’s security landscape, the CIO has a large and important role to fill. They must be aware of and compliant with regulations in their industry, focus on ensuring that the right security controls are in place for the organization and its vendors, and be able to consider the risks and benefits of new business processes.
How To Approach IT & Cybersecurity Benchmarking As A CIO
To a chief information officer (CIO), cybersecurity is a multifaceted concern. Not only could a breach that results in a loss of sensitive data or information be a legal or reputational nightmare for their organization, but it could also cost them (and others in the C-suite) their job.
Red Cross Data Breach: How 550,000 Australian Donors Were Exposed
In 2015, the Australian Red Cross contracted with a web development company called Precedent to create a new website. Unfortunately, the vendor left sensitive donor information from the Red Cross in a backup database on a public-facing website.
Ransomware's Impact On Government Cybersecurity
In our most recent Bitsight Insights report, we discuss the pervasive issue that is ransomware. The report states that education has the highest rate of ransomware across all industries—and government comes in second.
Ideas For Incorporating Continuous Risk Assessment Software Into New Vendor Selection
Onboarding third-party vendors that will have access to your network and data can have dire consequences if you don’t have the ability to gauge vendor risk. In a recent joint survey by Bitsight and IDG Research Services of more than 260 IT managers and professionals, nearly 70% said they were “extremely concerned” or “very concerned” about the security risks posed by third-party vendors and suppliers. Another study found that nearly two-thirds of breaches involve a third party.
Takeaways From Yahoo's 500-Million-Account Breach
Last month, email giant Yahoo announced the compromise of 500 million user accounts—which is being called the largest breach from a single site in history. The breach compromised names, email addresses, telephone numbers, dates of birth, passwords, and some encrypted or unencrypted security questions and answers.
Debunking Security Rating Myths
Ponemon Institute’s study, Data Risk in the Third-Party Ecosystem, highlights the challenges that companies face in protecting sensitive and confidential information shared with third parties.