Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Security Ratings of U.S. Federal Agencies & Government Contractors](/sites/default/files/styles/4_3_small/public/2022/05/27/2.19-Federal-BitSight-Insights-Blog-Thumb_1.png.webp?itok=76rJjhuT)
The federal government relies on tens of thousands of contractors and subcontractors — often referred to as the federal “supply chain” — to provide critical services, hold or maintain sensitive data, deliver technology, and perform key functions. Along with the Federal Government itself, these contractors and subcontractors face a multitude of cyber threats.
![Break Out Of The Tinynuke Malware](/sites/default/files/styles/4_3_small/public/migration/images/2.2-Tinynuke-Blog-Thumb_1.png.webp?itok=DDSr8s_e)
New Tinynuke variant with a DGA in the wild
![Upgrading to the Django Rest Framework V3](/sites/default/files/styles/4_3_small/public/migration/images/1.25-Engineering-Blog-Thumb_1.png.webp?itok=8pL7yXR7)
Due to security, reliability, and growth reasons, organizations are constantly upgrading their software to newer releases. Some upgrades are incremental and minor in nature. Others, like the upgrade from Django Rest Framework (DRF) V2 to V3, require coding changes due to incompatibilities between the releases. This article is about Bitsight's upgrade experience, lessons learned, and how we improved because of it.
![BitSight Hackathon 2017](/sites/default/files/styles/4_3_small/public/migration/images/BitSight-Hackathon-4_1.png.webp?itok=fPbfA3cm)
For the second year in a row, Bitsight gave its engineers, product managers, and data and research scientists the day off from normal work to make something cool. The hackathon day had all the typical stuff: awesome custom-designed t-shirts, pizza for lunch, and a demo day the next day. The only “requirement” for teams was that they produce a working prototype to demo. We wanted actual code (not great code, necessarily, but code), not just design mocks.
![A Year in Review: A Look Back on BitSight’s 2017](/sites/default/files/styles/4_3_small/public/migration/images/12.8-Year-In-Review-Blog-Thumb_1.png.webp?itok=-YIG3gCa)
As 2017 draws to a close, we can’t help but be grateful for what a banner year this has been for Bitsight.
![BitSight Executive Chairman of the Board Receives Recognition By Ronald McDonald House](/sites/default/files/styles/4_3_small/public/migration/images/ronald-mcdonald-house-blog-full_1.png.webp?itok=r0FRxiFV)
Over 15 years ago, Shaun McConnon, Bitsight’s former CEO and current Executive Chairman of the Board, became involved with giving back to the local Boston community. Shaun and his wife, Bonnie, sat on the Board for a Sudbury-based charity benefitting children with cancer, which was affiliated with the first Proton Beam at Massachusetts General Hospital (MGH).
![BitSight Reaches Milestone of 110K Human Validated Organizations](/sites/default/files/styles/4_3_small/public/migration/images/11.10-110k-blog-thumb_1.png.webp?itok=X1JT3Lrt)
This October, Bitsight celebrated another very important milestone as the leader and pioneer of the security ratings market: now, Bitsight has high-quality, historical data on over 110,000 global organizations at users’ fingertips.
![BitSight’s Newest Alerting Capabilities Showcase Evolution of Leading Security Rating Service](/sites/default/files/styles/4_3_small/public/migration/images/10.20-Blog-Thumb_1.png.webp?itok=Bc_W6r-6)
This August, Bitsight announced the release of several new risk vectors specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. Bitsight chose those new risk vectors to enhance the insights across the “spectrum of risk” and provide a more comprehensive picture of an organization’s security posture.
![Announcing BitSight Executive Reports](/sites/default/files/styles/4_3_small/public/migration/images/10.10-Executive-Reporting-Thumb_1.png.webp?itok=cjL0XfbU)
An increasing number of security and risk management executives are being asked to present to the Board of Directors on the state of their — and their third parties’ — security and risk programs. A recent joint survey by Veracode and NYSE found that nearly 80% of directors said that cybersecurity topics are discussed at nearly every board meeting.
![Making Vendor Risk Collaborative, Not Combative](/sites/default/files/styles/4_3_small/public/migration/images/Vendor-Access-Blog-Thumb_1.jpg.webp?itok=Zx5g1Mhj)
Reducing cyber risk that stems from third and fourth party vendors is no easy task. It requires that organizations not only have the ability to continuously monitor and identify new risk, but also the ability to work with their vendors to fix security issues quickly. Getting to risk reduction quickly means that both organizations are communicating effectively, using data and evidence rather than conjecture to make progress.
![Are Vendors Meeting Your Company’s Security Standards?](/sites/default/files/styles/4_3_small/public/migration/images/9.28-Insights-Blog-Thumb_2.png.webp?itok=52PXU3n1)
When it comes to vendor risk management, organizations ultimately need their vendors to meet the same standard of security performance they hold for their own organization. For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. However, are vendors in the Finance supply chain meeting the same level of security performance held by Finance organizations?
![The Importance of Actionable Metrics in Managing Vendor Risk](/sites/default/files/styles/4_3_small/public/migration/images/9.1-Blog-Thumb_1.png.webp?itok=BAnrvrg5)
In today’s market, an increasing number of security and risk management executives are being asked to present to the Board of Directors on the state of their — and their third parties’ — security and risk programs. Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a board-level initiative to mitigate brand and reputation risk. Bitsight understands that making an organization’s cybersecurity posture accessible to C-level executives and the Board of Directors is becoming more of a requirement within the business; we’ve added capabilities within Bitsight Security Ratings that arm security and risk management executives with actionable metrics that they can share with the Board of Directors.
![Meet Our Engineers: Nick Whalen](/sites/default/files/styles/4_3_small/public/migration/images/EngineerDataScienceBlogFull_14.png.webp?itok=WGJamRF-)
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as Team Lead, his experience, and more.
![Meet Our Engineers: Nick Whalen](/sites/default/files/styles/4_3_small/public/migration/images/EngineerDataScienceBlogFull_14.png.webp?itok=WGJamRF-)
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as an engineering director, his experience, and more.
![Team Fun In The Summer Sun: Community Engagement at BitSight](/sites/default/files/styles/4_3_small/public/migration/images/Corporate-Cup-Blog-Thumb_1.png.webp?itok=gcISpKLu)
Here @Bitsight, we are committed to our mission to transform the understanding of cyber risk through the usage of Security Ratings. It’s pretty serious stuff and involves lots of inspiration and even more perspiration. BUT we are not just about work. It’s important to us to have balance — to be involved in the local community and also to have plenty of fun.