Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Discussing Third-Party Risk Management in the Healthcare Industry](/sites/default/files/styles/4_3_small/public/migration/images/medical_corps-128_1.png.webp?itok=hqUfQv92)
Healthcare security and how updated HIPAA/HITECH Act regulations are changing the nature of risk in that industry are hot topics right now. "The rules have made it easier for organizations to have penalties levied against them because of the actions of a subcontractor," Elizabeth Warren, a healthcare attorney with Nashville Tennessee-based Bass Berry & Sims, is quoted as saying in this Becker’s Hospital CIO post. And she’s absolutely right.
![Regulators Put More Emphasis on Third-Party Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/third-party-information-security-regulations_1.png.webp?itok=aCwF-41m)
With so much of today's business processes dependent on a complicated network of suppliers, contractors, and service providers, the problem of determining liability for data privacy and protection is quickly coming to a head. When sensitive data is hosted in a provider's infrastructure, is that provider or its customer responsible for protecting that data? If a company entrusts a partner with a customer database and that partner lets the database be compromised, which company is responsible for notifying those customers and who will end up footing the bill for legal damages?
![The Impact of Target’s Data Breach Throughout the Partner Ecosystem](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-The-Hamilton-Crossings-shoppin-260589403_1.jpg.webp?itok=0VLcEZmN)
Many of the facts surrounding the Target breach still remain unclear, even as details continue to emerge publicly. We still don’t know what the final tally of breached organizations will be, but the list keeps growing. In addition to who else has been breached and the impact on their customers, another factor we need to consider is how Target's business partners may be impacted. In a data breach on any retailer, card issuers, payment processors, insurers, suppliers and other parties may face substantial loss as the investigation and recovery costs ripple through these networks.