Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Developing a Distributed Event Store: Avro + Parquet + Java Reflection](/sites/default/files/styles/4_3_small/public/migration/images/javacup-stock-big_1.jpg.webp?itok=dA1uWseh)
by Nick Whalen and Ethan Geil
![File Sharing is Coming to Town](/sites/default/files/styles/4_3_small/public/migration/images/CTA-Whitepaper-Top_Bottom-File-Sharing-Insights_3.png.webp?itok=_lmb7CS6)
Want to learn more about these findings? Download this Bitsight Insights report to learn what file sharing activity means for your business.
![Percentage of p2p Downloads with Malware](/sites/default/files/styles/4_3_small/public/2022/08/03/Q415-Percentage%20of%20p2p%20Downloads%20with%20Malware.jpg.webp?itok=XHCFK7LT)
This is a two-part blog post. First, you'll discover the key findings in our latest Bitsight Insights report titled “Peer-To-Peer Peril: How Peer-To-Peer File Sharing Impacts Vendor Risk and Security Benchmarking.” In the second part, you'll read on to uncover our recommendations for mitigating the risks of peer-to-peer file sharing.
![From the Server Room to the Board Room: Actionable Security Metrics](/sites/default/files/styles/4_3_small/public/migration/images/serversky-stock-thumb_1.png.webp?itok=aF2P5OMl)
As we highlighted in a recent blog post, a diverse range of companies utilize Bitsight Security Ratings to manage cyber risk. Many of our customers are actively using these ratings to manage vendor risks, screen mergers and acquisition targets, underwrite cyber insurance and benchmark security performance. Regardless of how customers use these ratings within their security and risk programs, it is important that the ratings are both actionable and accurate.
![Developing a Distributed Event Store at BitSight: Why We Are Moving Away From HBase](/sites/default/files/styles/4_3_small/public/migration/images/serverroom-stock-thumb_1.jpg.webp?itok=FFQr_JgQ)
by Ethan Geil and Nick Whalen
![Beyond Heartbleed, POODLE & FREAK: SSL Vulnerabilities Persist](/sites/default/files/styles/4_3_small/public/migration/images/ssl-stock-big_1.jpg.webp?itok=RnwUr0w8)
Bitsight’s Third Annual Bitsight Insights Industry Benchmarking Report looked at some of the major SSL vulnerabilities affecting organizations, including Heartbleed, POODLE and FREAK. Bitsight’s analysis found that a sizeable number of companies across all industries were still running services that were vulnerable to these flaws. As mentioned in our report, businesses can leverage this information as a measure to ensure that proper controls are being met internally. In addition, companies can gain insight into the performance of their key third party vendors when it comes to ensuring that they aren’t running vulnerable services.
![OT/IT Convergence: Why Vendor Risk Matters to Energy and Utilities](/sites/default/files/styles/4_3_small/public/migration/images/OTIT-stock-thumb_1.jpg.webp?itok=JxP5mRXu)
Bitsight’s Third Annual Bitsight Insights Industry Benchmark Report: Are Energy and Utilities at Risk of a Major Breach? discussed the growing convergence of operational technologies (OT) and information technology (IT). In short, this issue revolves around making operational technologies internet enabled. These technologies - which include generation, transmission, smart grid systems, meter reading and more - are increasingly being brought online to enable a smarter grid and systems.
![BitSight Insights: Are Energy and Utilities At Risk of a Major Breach?](/sites/default/files/styles/4_3_small/public/migration/images/energgrid-stock-thumb_1.jpg.webp?itok=nWXDByZo)
Today Bitsight published our third annual industry benchmarking report: Are Energy and Utilities At Risk of a Major Breach? This report illustrates the latest security performance of the Finance, Federal Government, Retail, Energy and Utilities, Healthcare, and Education industries. All of these industries hold sensitive data, and as a result they are targets for hackers. As we do for all of our Bitsight Insights, let’s dive into how each sector performed.
![NAFCU Services Selects BitSight as a Preferred Partner](/sites/default/files/styles/4_3_small/public/migration/images/checkbook-stock-small_1.jpg.webp?itok=QNpoxWJ0)
Today, we are pleased to announce that NAFCU Services has selected Bitsight as a Preferred Partner, giving its member credit unions access to Bitsight Security Ratings. The partnership is very timely: credit unions have been increasingly targeted with cyber attacks. A recent survey found that 84.4% of credit unions were impacted by a data breach in the last two years.
![BitSight Series B Funding: Furthering Our Mission](/sites/default/files/styles/4_3_small/public/migration/images/opendoors-stock-big_1.jpg.webp?itok=escFiT33)
Today, Bitsight is excited to announce that we have raised $23 million in Series B funding. The additional funding will allow Bitsight to keep hiring exceptional talent, as well as extend sales and marketing initiatives in Europe and in the Asia-Pacific region. The funding will also allow us to accelerate the development of new data analytic products and add to our extensive data resources to ensure the most accurate ratings possible. Bitsight is thrilled to have Comcast Ventures join as a new investor. We’re also thrilled that all of our current investors participated in this new round!
![Q&A with Stephen Boyer, BitSight's CTO and Cofounder](/sites/default/files/styles/4_3_small/public/migration/images/virtual-tech-small_1.jpg.webp?itok=ppTlO7H4)
I received the following questions from an inquisitive undergraduate student eager to learn more about Bitsight and security ratings. He posed excellent and insightful questions, and I thought that I would share our exchange in case others might be wanting to ask the same questions. Thanks, Nick!
![BitSight Achieves "Cool Vendor" Status in Gartner Report](/sites/default/files/styles/4_3_small/public/migration/images/coolvendorthumb_1.jpg.webp?itok=bkXy_KEJ)
The last few weeks have been a whirlwind of activities here at Bitsight! Between attending and speaking at RSA, participating in the latest Verizon DBIR report, preparing for our session at FS-ISAC, announcing our new partnership with AIG, and being featured as a vendor risk management solution in the Wall Street Journal, we were happy to see the second quarter off to such an exciting start. And then we got even more good news!
![Graph of Botnet Grade Distribution by Industry](/sites/default/files/styles/4_3_small/public/2022/08/26/Q215-Botnet-Graphic-Fig2.jpg.webp?itok=ajvqD2So)
Today Bitsight published our most recent Bitsight Insights report, Beware the Botnets; Botnets Correlated to a Higher Likelihood of a Significant Breach. Within this report Bitsight has identified a solid correlation between botnet infections and publicly disclosed breaches. To arrive at this finding, Bitsight leveraged botnet grades that are available to all customers in the Security Ratings platform. These letter grades, which are available for a wide range of risk vectors, provide insight into a company’s performance relative to others. These grades also take into account factors such as frequency, severity, and duration (for events) as well as record quality, evaluated based on industry-standard criteria (for diligence).
![Third-Party Risk Management Insights: 2015 Gartner Security & Risk Summit](/sites/default/files/styles/4_3_small/public/migration/images/cta-banner-bg_34.png.webp?itok=ArzrhB3E)
In recent years, the US government has become a leading advocate for continuous monitoring of security threats and vulnerabilities. But how effective are departments and agencies in implementing these programs? And how do we measure success?
![BitSight Expands Breadth and Transparency of Security Ratings](/sites/default/files/styles/4_3_small/public/migration/images/XkINedUXHn-QdCtlH8cjywzpC59nPqlOpLFCCOO7NAitjAEAxfeOuxopLt_J1ssa7trT62mhocKP_9L2X8RnVFCRYcg7lsfXbvMSuYKLBwz2Re2IMkzFH2sJ7dK4oUuvbg_1.webp?itok=sE7Eylp-)
Bitsight has released new capabilities and features in the Bitsight Security Ratings portal to widen the data breadth offered to customers and give more detailed, granular performance analytics on specific risk vectors. These changes are available to all enterprise, team, and individual tier customers today.