Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![bitsight-blog](/sites/default/files/styles/4_3_small/public/2024/05/24/bitsight-blog.jpg.webp?itok=-q3o2lKI)
Like many technical industries, cybersecurity has a lot of specialized lingo. But there are two dozen cybersecurity terms in particular that are critical to understand. We’ve defined them here (in alphabetical order) and linked to a few articles that may help you better understand them along the way.
![How Does BitSight Work? A Look At Security Ratings & How They're Used](/sites/default/files/styles/4_3_small/public/migration/images/Woman-Desktop-Security-Ratings-Overview-1_1.png.webp?itok=X5N1mZHo)
Since our foundation in 2011 as the first company to provide a rating for measuring a company’s cyber security, Bitsight has become the world-leading security ratings provider. Bitsight is used around the world by industry leaders, country governance systems, as well as smaller organizations alike to take control of their cyber footprint, using safe and objective rating techniques. What does Bitsight do to stand apart from others in the security industry?
![A Vendor Risk Management Checklist For Small Companies](/sites/default/files/styles/4_3_small/public/migration/images/A_Vendor_Risk_Management_Checklist_For_Small_Companies_-_thumb_1.jpg.webp?itok=Kowr8g5_)
Vendor risk management (VRM) is a very broad category that encompasses all the measures an organization may take to prevent issues or business disruptions that arise from vendor and third-party relationships. Legal issues, past performance, and creditworthiness are some of the VRM issues small companies review most frequently—but cybersecurity should not be pushed to the back burner.
![Vendor Risk Management Best Practices to Prevent Embarrassing Headlines](/sites/default/files/styles/4_3_small/public/migration/images/12_IT_Vendor_Management_Best_Practices_That_Will_Prevent_Embarrassing_Headlines_-_thumb_1.jpg.webp?itok=uHA4_eVs)
You’ve likely heard your fair share of mortifying headlines involving IT vendor management. Many of the highly publicized breaches in the last several years occurred simply because the companies did not follow basic best practices for IT vendor risk management (VRM).
![Breaking Down 3 Of The Latest Cybersecurity Breaches](/sites/default/files/styles/4_3_small/public/migration/images/Breaking_Down_3_Of_The_Latest_Cybersecurity_Breaches_-_thumb_1.jpg.webp?itok=CcDYFWW8)
Even with every safeguard in place, it’s simply impossible to avoid all cybersecurity breaches. That being said, there are things you can do to lower the chance of a catastrophic one happening in your organization. By looking at a few recent attack vectors and what can be done to mitigate the risks these companies weren’t prepared for, you can help make sure your organization is prepared for a possible cybersecurity breach.
![How Different Industries Have Fared In Data Breach Prevention](/sites/default/files/styles/4_3_small/public/migration/images/How_Different_Industries_Have_Fared_In_Data_Breach_Prevention_-_thumb_1.jpg.webp?itok=rO5MIunn)
PwC recently published The Global State of Information Security Survey 2016, which highlights security trends in a number of industries and key themes across all industries.
![How CISOs Should Establish A Vendor Management Process](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-How_CISOs_Should_Establish_A_Vendor_Management_Process_1.jpg.webp?itok=Exb7SgkX)
Vendor management spans a wide variety of topics: from contracts, to metrics, to relationships, and beyond. But one of the most critical aspects of vendor management—particularly for a CISO—is how to manage the risk your vendors bring to the table.
![bitsight-blog](/sites/default/files/styles/4_3_small/public/2024/05/24/bitsight-blog.jpg.webp?itok=-q3o2lKI)
The importance—and urgency—of cybersecurity measures has become increasingly visible in recent years. Yearly industry reports from the likes of Verizon, Trustwave, and PwC all stress the importance of cybersecurity measures and the costly consequences of cyberattacks. No company wants to become another data breach statistic—but some decision-makers still may not understand the urgency of cybersecurity protection.
![The Problem with Modern Supply Chains](/sites/default/files/styles/4_3_small/public/2022/08/16/The%20Problem%20with%20Modern%20Supply%20Chains-min.jpg.webp?itok=XWzQNAuO)
Surveys highlighting third-party security and supply chain risk management best practices are conducted regularly. Many of them draw a similar conclusion: that supply chain risk management is a critical issue IT professionals are aware of, but the awareness isn’t necessarily leading to actionable (or effective) programs and policies.
![4 Crucial Cyber Risk Management Steps Your Company Should Take Right Now](/sites/default/files/styles/4_3_small/public/migration/images/thumb_proactive_cyberrisk_mgmg_1.jpg.webp?itok=vKo2Dgxh)
According to Merriam-Webster, proactivity is defined as “controlling a situation by making things happen or by preparing for possible future problems.”
Its antonym, reac
![UK Cybersecurity Strategy: 5 Things To Keep In Mind](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-UK_Cybersecurity_Strategy_5_Things_To_Keep_In_Mind_1.jpg.webp?itok=_Fg-VSRR)
We’ll start by saying there isn’t anything inherently different about a U.K. cybersecurity strategy compared to one in, say, the U.S. But many countries do face some specific cybersecurity strategy challenges, whether they’re regulatory or situational—and the U.K. is no exception.
![Introduction To Information Risk Management In The UK](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-Introduction_To_Information_Risk_Management_In_The_UK_1.jpg.webp?itok=iAs19jaP)
Before we go into details about managing information risk, let’s start with a working definition we can refer back to:
![Panama Papers: The Cybersecurity Risk Perspective](/sites/default/files/styles/4_3_small/public/migration/images/Panama_Papers_1.jpg.webp?itok=qlx1ltOT)
Touted as “history’s biggest data leak”—with over 2.6 terabytes of information compromised—the “Panama Papers” is one recent data breach that has drawn a great deal of press over the past few weeks. Over 11 million documents were leaked from a renowned Panamanian law firm, Mossack Fonseca, which specializes in offshore holdings. The firm claims its email server was breached, which compromised the files. The papers were obtained by a German newspaper, shared with the International Consortium of Investigative Journalists (ICIJ), and revealed over 200,000 offshore companies. It is not yet clear how many of these holdings are facilitating illegal or unlawful activity.
![Analyzing 3 Major Data Breaches Of 2015](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-Data-Breaches-Of-2015_1.jpg.webp?itok=bEMVqzQZ)
Some of the largest data breaches in history happened in 2015. Notable breaches on that list include PNI Digital Media, Anthem Insurance, and The Office Of Personnel Management. These three weren’t necessarily the top data breaches of last year in terms of size or impact, but they were important because these organizations were so highly trusted and recognized in their respective industries.
![How To Lower The Risk Of A Bank Data Breach](/sites/default/files/styles/4_3_small/public/migration/images/safety_deposit_bank_data_breach_small_1.jpg.webp?itok=SX4WAaaa)
The financial services industry is a leader in many aspects of cybersecurity performance and has set the standard in areas like vendor risk management. Why? Because risk is built into their culture. Inherent in the financial services industry is how to measure and mitigate risk, and they’ve become very effective at it.