Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Are Vendors Meeting Your Company’s Security Standards?](/sites/default/files/styles/4_3_small/public/migration/images/9.28-Insights-Blog-Thumb_2.png.webp?itok=52PXU3n1)
When it comes to vendor risk management, organizations ultimately need their vendors to meet the same standard of security performance they hold for their own organization. For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. However, are vendors in the Finance supply chain meeting the same level of security performance held by Finance organizations?
![Six Key Areas of Focus for Your Cybersecurity Budget | BitSight](/sites/default/files/styles/4_3_small/public/migration/images/cybersecurity_spending_thumb_2.jpg.webp?itok=WE4o17B5)
The goal of cybersecurity is to help mitigate or prevent a cyber attack that could cause significant harm to your business, your operations, your financial performance, or your customers. But organizations with mature cybersecurity programs are increasingly aware of the fact that they cannot address every cyber threat since bad actors will continually find ways to hack and mine data. Instead, they choose to focus on preventing catastrophic attacks from taking place.
![Financial Services Cybersecurity: Third- & Fourth-Party Best Practices](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity%2520In%2520Financial%2520Services%2520-%2520thumb_1.jpg.webp?itok=CJqK9P8T)
The financial services industry is known for its mature cybersecurity programs. There are many drivers for this, one being the increasingly strict regulatory environment. For example, the Office of the Comptroller of the Currency (OCC) indicated in early 2017 that financial service companies should be prepared for examiners to evaluate third-party cybersecurity.
![The Importance of Actionable Metrics in Managing Vendor Risk](/sites/default/files/styles/4_3_small/public/migration/images/9.1-Blog-Thumb_1.png.webp?itok=BAnrvrg5)
In today’s market, an increasing number of security and risk management executives are being asked to present to the Board of Directors on the state of their — and their third parties’ — security and risk programs. Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a board-level initiative to mitigate brand and reputation risk. Bitsight understands that making an organization’s cybersecurity posture accessible to C-level executives and the Board of Directors is becoming more of a requirement within the business; we’ve added capabilities within Bitsight Security Ratings that arm security and risk management executives with actionable metrics that they can share with the Board of Directors.
![4 Cybersecurity Risks Healthcare Providers Face With Their Vendors](/sites/default/files/styles/4_3_small/public/migration/images/thumb-cybersecurity-in-healthcare_1.jpg.webp?itok=BHOfYJHB)
If you’re involved in a healthcare-based organization, you’ve likely noticed the push for stronger vendor security and vendor risk management (VRM) practices. There are a few reasons for this.
![How Can Existing Vendor Risk Management Programs Efficiently Scale to Meet the Current Demand?](/sites/default/files/styles/4_3_small/public/migration/images/8.4-Blog-Thumb_1.png.webp?itok=Bei_cCsf)
In today’s world, organizations must be extremely conscientious about their vendors. It is just as important to be aware of the security of third-party networks as it is to be aware of their own. In April 2017, Netflix’s new season of the hit show “Orange is the New Black” was stolen and leaked after they ignored several ransom requests by a hacker. The agent was able to breach Larson Studios, a third-party post-production company for Netflix. It’s critical that organizations have a vendor risk management (VRM) program in place to address the risk posed by third parties. As outsourcing and the use of cloud services continue to grow, it’s even more crucial that the strategy can scale to meet the rising demands of an increasing number of vendors. This is where many companies are falling short today.
![The “Swap” Model: Is Your Goal to Mitigate Risk...Or Just Move it Around?](/sites/default/files/styles/4_3_small/public/migration/images/7.25-Blog-Thumb_1.png.webp?itok=fWub5BOs)
In today’s security ratings services market, a few companies have offerings described as “swaps” or “slots.” When considering third party monitoring, this gives organizations the option to “trade out” which vendors they are monitoring when they see fit. But, does this type of disjointed monitoring actually proactively mitigate risk (which is the goal of utilizing a security ratings service) or just shift it around and hide it? This approach poses several problems.
![Catching the Blind Spots of Vendor Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/VRM-Blind-Spots-Blog-Thumb_1.png.webp?itok=FgUSqlOA)
In today’s day and age, organizations understand that data breaches are a growing problem, but many fail to realize that a third party breach can impact them as much as a breach on their own network. Here we’ll examine several misconceptions surrounding vendor risk management (VRM), and how you can proactively create a strategy to avoid common pitfalls.
![8 Free Cybersecurity Resources For Risk Managers & CISOs](/sites/default/files/styles/4_3_small/public/migration/images/cybersecurity_resources_full_1.jpg.webp?itok=cM_NFoLT)
Anyone who works in cybersecurity or organizational risk on a regular basis knows how valuable it is to stay up to date on the latest research. If you’re curious about a specific topic—anything from vendor security assessments to ransomware—or you want to improve your vendor risk management program, take a look at the cybersecurity resources and tips below. We’ve rounded up Bitsight’s most frequently downloaded guides, white papers, and research insights. And the best part? They’re all free.
![Keeping Your Reputation Safe: Why Monitoring the Attribution of IP Addresses Matters](/sites/default/files/styles/4_3_small/public/migration/images/IP-Registration-Blog-Thumb_1.png.webp?itok=10Qmu4r7)
Bitsight Security Ratings are based on security events and configurations present on a company’s digital infrastructure. As we discuss these ratings with companies, we’ve found that many of them have infrastructure registered to them that they are unaware of. With the recent WannaCry ransomware attacks (and with the increased frequency of cyber incidents overall), it is becoming critical that organizations take a more thorough look at their infrastructure. This preventative measure can help identify any vulnerabilities or malicious activity on unmonitored parts of a network, as well as confirm the accuracy of registrations.
![5 Credible Cybersecurity Threats To The Financial Services Sector](/sites/default/files/styles/4_3_small/public/migration/images/cybersecurity_financialservices_full_1.jpg.webp?itok=hWNB9eZQ)
The financial services sector has traditionally been viewed as highly mature when it comes to cybersecurity initiatives. In fact, this Bitsight Insights report found that the financial sector had the highest Security Rating of all examined industries. But even though companies in the financial sector have been discussing the necessity of monitoring cybersecurity for quite some time, the threat landscape is constantly evolving—leading to a more complex cyber ecosystem every day. This makes it all the more critical to be proactive when it comes to cybersecurity issues.
![BitSight Helps Scale the Current Vendor Risk Assessment Approach](/sites/default/files/styles/4_3_small/public/migration/images/5.30.VendorRiskManagementBlogFull_1.png.webp?itok=YKlLLxt_)
While your current Vendor Risk Management (VRM) or Third-Party Risk Management (TPRM) program may have areas of strength, there is most certainly room for improvement. These programs are a significant driver of both internal and external advisor time, extremely costly, and limited in scale. How can you harness more actionable insight to scale your program and truly and continuously understand the cybersecurity of your third parties? Using Bitsight Security Ratings, you can see a positive impact on your TPRM/VRM program by getting more value out of what you are already doing.
![Vendor Risk Management: 5 Ways To Improve Your Efficiency](/sites/default/files/styles/4_3_small/public/migration/images/Vendor%2520Risk%2520Management%25205%2520Ways%2520To%2520Improve%2520Your%2520Efficiency%2520-%2520thumb_1.jpg.webp?itok=7SIyApcR)
Consider this: If you’re part of a large company with thousands of suppliers, you need efficient processes and tools to get a good sense of the risk those suppliers present. If you’re a part of (or own) a small company with only 20 suppliers, you likely don’t have a team of full-time employees dedicated to vendor risk assessment—which makes efficient processes critical for you as well.
![Two Years Later, Still at Least Twice as Likely](/sites/default/files/styles/4_3_small/public/migration/images/5.1.17blogthumbnail_1.png.webp?itok=Xujdkln3)
In 2015, Bitsight published a report, Beware the Botnets: Botnets Correlated to a Higher Likelihood of a Significant Breach. In that report, researchers discovered that companies with botnet grades of ‘B’ or lower were more than twice as likely to experience a significant data breach. Now two years since that study, researchers examined more than 70,000 organizations and found similar results, including additional risk vectors that correlate to an increased likelihood of an organization experiencing a breach. Organizations have begun to take action based on these findings by communicating with trusted third parties who are likely to experience a data breach based on their security posture.
![The 8 Most-Read Cybersecurity Articles On The BitSight Blog](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-cyber-security-articles_1.jpg.webp?itok=eU8-9tP5)
Among other things, cybersecurity is a primary focus on the Bitsight blog. The following is a list of Bitsight’s most-read cybersecurity articles and resources on the topic over the past couple of years, along with a description of what you’ll find in each.