Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.
When it comes to third-party risk management (TPRM), many organizations are just beginning to figure out the core components of their program — and some are not implementing any measures to monitor their third parties at all.
The development and deployment of software applications is inherently risky; a number of things can go wrong both during development and after launch. Project and product managers must stay aware of risks coming from a variety of areas, including:
In the months since Bitsight’s inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together security executives from all over to discuss the challenges they face in their roles every day.
This quarter, Bitsight released several new product features that enable organizations to more rapidly assess, prioritize and manage cyber risk. These new capabilities — the Portfolio Risk Matrix and Asset Risk Matrix — leverage Bitsight’s market-leading data to provide risk prioritization, helping customers address the most important risks within their own environment as well as their broader third-party ecosystem.
Businesses are becoming increasingly reliant on outsourced IT services to support day-to-day operations.
Banks and other financial institutions are a proving ground for new risk management methods. High risk and intense regulations feed into a culture of serious, comprehensive security — a culture that has manifested in mature methodologies such as the three lines of defense.
Business leaders now realize that their data is being exposed to risk by their vendors, and that monitoring and remediating these threats is a necessary part of an effective cybersecurity program.
On a Friday morning in October 2016, millions of people across North America attempted to visit popular websites including Spotify, Reddit, and the New York Times, only to find that they were inaccessible.
Within the Bitsight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.
If you’ve done your homework as a cybersecurity professional, then you know that third-party vendors with substandard security controls and processes could be putting your organization at risk.
As advances in cloud computing and managed services have made IT operations more streamlined, the focus of IT leaders has shifted to improving efficiency, agility, and risk management. Managing risk, in particular, has become an even more central concern.
Mitigating risk is an essential business function that should cover obvious domains — like financial risk — but also include reputational, strategic, and operational risks.
With outsourcing continuing to rise, third party cyber risk management has become a pressing issue for organizations worldwide. Yet, many firms across the globe are approaching this challenge differently.
At a recent Bitsight Roadshow, a customer with an advanced third party risk management program declared “assessments are not risk reduction.” The statement was not meant to convey that assessments are useless for third party risk; rather, that assessments themselves don’t inherently drive risk down.