Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Analyzing Utilities Sector Cybersecurity Performance](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-High-voltage-Power-Lines-Ele-283705351_1.jpg.webp?itok=GT8Rcaqe)
With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?
![Key Risk Indicators (KRIs) Examples](/sites/default/files/styles/4_3_small/public/2023/07/10/Key%20Risk%20Indicators%20Blog.jpg.webp?itok=g42q0uXe)
Key risk indicators (KRIs) can help monitor and control cyber risk. But what KRIs should you focus on?
![ground view of tall skyscrapers on a clear day](/sites/default/files/styles/4_3_small/public/2023/09/19/samson-ZGjbiukp_-A-unsplash.jpg.webp?itok=u38tUe16)
Failing to update your software doesn’t just mean you’re missing out on the latest version—it means you could expose your organization to major security vulnerabilities, like the widespread Apache Log4j2 vulnerability.
![Managing Security Risk in Mergers & Acquisitions](/sites/default/files/styles/4_3_small/public/2022/06/03/MA_Blog_Post_Statistical_Analysis_1.jpg.webp?itok=9UDVRI5e)
Every year, companies spend billions of dollars on mergers and acquisitions. (The value of worldwide M&A deals in 2014 totaled $3.5 trillion.) Managing risk throughout the process is an important element of any merger, but there's one area of risk management that hasn't had the attention it deserves.
![Third-party ecosystem automation](/sites/default/files/styles/4_3_small/public/2022/12/02/Third-Party%20Ecosystem%2C%20SIZED.jpg.webp?itok=Mv5_k3uj)
Learn how to automate cyber risk management across your third-party ecosystem from onboarding through the life of the relationship.
![4 Common Retail Security Threats (and How to Stop Them)](/sites/default/files/styles/4_3_small/public/migration/images/2.%2520retail%2520gift%2520card_1.jpg.webp?itok=gl24d1uS)
The retail industry has always been a favorite target of cyber criminals. We all remember major data breaches like those that affected Target, TJX, and Home Depot — but the truth is that retail security threats have been a daily concern of retailers for a long time.
![network security threats](/sites/default/files/styles/4_3_small/public/2021/11/14/Blog%205%20image.jpg.webp?itok=vA7OMuIQ)
Network security threats are constantly evolving, and right now we’re in the middle of a particularly challenging time. While big-name breaches like SolarWinds and others grab headlines, multitudes of smaller incidents continue to occur every day, costing companies millions of dollars.
![Weekly Security Risk Management News Round-Up - 9/16/13](/sites/default/files/styles/4_3_small/public/migration/images/6-cybersecurity-kpis-examples-for-your-next-report_4.jpeg.webp?itok=upEyW9VB)
While many IT, security, and risk professionals have developed good metrics and visuals for communicating internally about cyber risk, such as the safety cross and pareto charts, reporting on cybersecurity to non-technical individuals remains challenging.
![quantitative risk](/sites/default/files/styles/4_3_small/public/2022/11/11/shutterstock_758356729.jpg.webp?itok=LaIFQMW_)
Quantitative risk assessments in cybersecurity draw on data and analytics to help you understand the probability of risk and inform strategic management decisions.
![CISO Education Requirements: Degrees, Training Courses, and Certifications](/sites/default/files/styles/4_3_small/public/2022/06/08/AdobeStock_232968888_1.jpg.webp?itok=BinrDNl-)
About 25 years ago, the evolution of the overall digital ecosystem necessitated the creation of the first CISO role. Now, 61% of companies have a CISO.
![Building Trust in the Digital Era -The Importance of Effective Cybersecurity and Exposure Management](/sites/default/files/styles/4_3_small/public/2023/03/22/Building%20Trust%20in%20the%20Digital%20Era-The%20Importance%20of%20Effective%20Cybersecurity%20and%20Exposure%20Management.jpg.webp?itok=NUyOwQNa)
How cybersecurity leaders can manage an expanding attack surface, increasing vulnerabilities, and growing demands from stakeholders.
![cyber risk mitigation](/sites/default/files/styles/4_3_small/public/2021/11/16/cyberrisk%20mitigation.jpg.webp?itok=bH50Ze-R)
While the ongoing wave of digital transformation opens exciting opportunities for innovation, it also widens your attack surface.
![Cyber Security Assessment Tools and Platforms | BitSight](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity_Risk_Assessment_Tools_You_Can_Use_Year_Round_2.jpeg.webp?itok=YMKy2vZ9)
When it comes to improving cybersecurity at your organization, there are some fixes that you can undertake with very little preparation. More robust remediation efforts, however, usually start with a cybersecurity risk assessment.
![Cybersecurity Visualization Techniques to Gain Executive Buy-In](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity_Visualization_Techniques_to_Gain_Executive_Buy-In_1.jpeg.webp?itok=JekwsjGJ)
CISOs and other security leaders need buy-in from the Board and executive team in order to run effective cybersecurity programs. This requires communicating data about threats and cybersecurity performance in ways that are easy to understand. As a result, cybersecurity visualization is becoming more important than ever. In a field that's as interesting and exciting — and comes with such high stakes — as cybersecurity, you can’t allow knowledge gaps and technical complexity to obscure your message. With high-profile data breaches on everyone’s minds, the Board is becoming more and more involved in cybersecurity decisions. In fact, 45% of board members say they actively participate in setting the security budget at their company. For CISOs, getting the sign-off on necessary IT projects, purchases, and partnerships often involves making impactful arguments to Board members who might not have IT backgrounds. So, what cybersecurity visualization techniques can you use to gain executive buy-in?
![attack vector](/sites/default/files/styles/4_3_small/public/2021/11/14/cyber-security-1.jpg.webp?itok=RAYbO3AK)
Today’s opportunistic hackers are seasoned professionals who are getting more adept at exploiting your organization’s digital attack surface. To do this they employ a variety of attack vectors.