Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![17 Major Data Breaches From 2013 To 2015](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-17-Major-Data-Breaches-From-2013-To-2015_1.jpg.webp?itok=m9PhyFxP)
It goes without saying that the following data breaches were incredibly damaging, both to the companies and to those affected. Each has resulted in some level of data loss, financial loss, and reputational harm. Below, we’re exploring what some of the top breaches in 2015, 2014, and 2013 were and examining the commonalities and differences between them.
![Analyzing Vendor Risk Tools: Vulnerability Scans, Penetration Tests & More](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-Selecting-The-Right-Vendor-Management-Software-5-Things-To-Keep-In-Mind_1.jpg.webp?itok=llYRgc5d)
This is a two-part blog post. First, you'll discover 5 things to keep in mind when selecting vendor management software. In the second part, you'll uncover the pros and cons of the many vendor risk management tools that organizations use to assess third-party vendors.
![Why Your Business Needs a Vendor Management Policy](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-4-Reasons-You-Need-A-Vendor-Management-Policy-Right-Now_1.jpg.webp?itok=71iE8N0O)
This post was updated on September 14, 2020.
![Top 3 Cybersecurity Metrics To Start Tracking](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-Top-3-Cybersecurity-Metrics-To-Start-Tracking_1.jpg.webp?itok=NAuj-Oag)
Creating a vendor risk management program is of utmost importance in today’s threat landscape. So if you don’t have a program in place already, you may be wondering where—and how—you should get started. One of the building blocks for any security program is the creation of actionable cybersecurity metrics. These will help you go beyond “yes” and “no” answers in your own organization (and your vendors’) and see exactly how well-prepared your company is to protect against cyberthreats.
Cyberattacks on online tax software and services have been extremely prevalent in the last year. In August of 2015, the Internal Revenue Service (IRS) revealed that hackers had gained access to sensitive information about over 334,000 Americans by taking advantage of the IRS's Get Transcript database. This function allowed taxpayers to gather data from their previous tax returns, but hackers were able to abuse it to gather enough personally identifiable information to steal identities.
![COBIT Vs. ITIL: Which Framework Works Best For Cybersecurity?](/sites/default/files/styles/4_3_small/public/migration/images/COBIT%2520ITIL%2520framework_1.jpg.webp?itok=nva1henl)
COBIT and ITIL are information technology management and IT governance frameworks, and both are popular around the world. They were created to provide management and guidance for IT services in businesses of all sizes.
![The Top 22 IT Security Blogs Of 2015](/sites/default/files/styles/4_3_small/public/migration/images/Full-The-Top-22-IT-Security-Blogs-Of-2015-1_1.jpg.webp?itok=zTdW5IeJ)
If you want to find out what’s happening in the world, you probably turn to your favorite news outlet. Maybe it’s your local paper or something more widely circulated, like the Washington Post or the New York Times. But if you want to find out what is happening on a day-to-day basis with cybersecurity governance and policy, you’ll need to have a stash of bookmarked blogs at the ready.
![What is IT Risk Management?](/sites/default/files/styles/4_3_small/public/migration/images/Full-What-Is-Information-Risk-Management_1.jpg.webp?itok=dKbP9pZy)
This post was updated on January 27, 2020.
![9 IT Vendor Management Best Practices](/sites/default/files/styles/4_3_small/public/migration/images/Newspapers_Fotolia_2.jpg.webp?itok=uKFXpOT6)
You’ve likely heard your fair share of mortifying headlines around IT vendor management mistakes. Many of the highly publicized breaches in the last several years happened simply because the companies did not follow basic best practices for IT vendor risk management (VRM).
![Think You Can Avoid A Catastrophic Data Breach?](/sites/default/files/styles/4_3_small/public/migration/images/thumb-catastrophic-data-breach_1.jpg.webp?itok=BVq7jXpm)
A sad truth about vendor risk management is that data breaches can—and will—happen to far too many companies. They are an unfortunate side effect of the digital world we live in today. But catastrophic data breaches are another story entirely. Yes, they do happen—and they happen more often than one might hope.
![Why Historical Security Data Matters in Vendor Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/stockindex-stock-big_2.jpg.webp?itok=RMG5yXR1)
In today’s cyber threat landscape, organizations must know how secure they are at any given time. One of the most important questions that security professionals and risk managers can ask is “how secure am I right now?”
![3 Ways Industry Benchmarking Data Can Be Used in VRM Programs](/sites/default/files/styles/4_3_small/public/migration/images/file-2117911139_2.jpg.webp?itok=jPx8kXOf)
Assessing the security performance of your vendors and third parties is crucial, considering the amount of access to sensitive information we grant to these partners. However, for those assessments to be effective, and for you to actually know what the results mean, you need to know which performance trends to look for and be able to compare and contrast the results. This is where benchmarking comes in.
![New SEC Exams Emphasize Vendor Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/marketchart-stock-thumb_1.jpg.webp?itok=zI_ZZwM3)
Last week, the SEC issued a Risk Alert, announcing that they will continue to assess cybersecurity risk and preparedness among brokers/dealers, investment advisors, and other financial institutions. The release details several focus areas for these exams. Here are a few highlights:
![Expect The Unexpected: Which Non-Obvious Vendors Have Access To Your Data?](/sites/default/files/styles/4_3_small/public/migration/images/thumb_nonobvious_1.jpg.webp?itok=m1VH0Nvg)
There are obvious and non-obvious vendors, third parties, and contractors that have access to your data or your corporate network. The obvious ones are organizations that provide IT or technology services to you. Naturally, these parties have access to your data, because you've granted it!
![Why Vendor Management Best Practices Should Be A Little More Risky](/sites/default/files/styles/4_3_small/public/migration/images/Thumb_ven_manage_best_practice_1.jpg.webp?itok=pijMximB)
Prioritizing vendors based on risk is considered a vendor risk management best practice. But how do you do this? To start, let’s look at a commonly referred-to equation: