Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Rapidly evolving risk and the digitization of banking are creating new threats. Here are three cybersecurity-in-banking trends to watch this year.
As internet use continues moving toward a mobile-centric experience, it has become essential to consider mobile applications when crafting a security strategy. Bitsight’s latest research demonstrates exactly why. We are excited to announce that Bitsight Insights: Mobile Application Risk Report is available now.
Learn how to protect your organization’s “crown jewels” with these do’s and don’ts of sensitive data sharing with vendors.
What is information risk management? Learn more about how the classic equation of threat x vulnerability x consequence helps inform your cybersecurity risk management strategy.
The Digital Operational Resilience Act is set to take effect in early 2022. Learn how Bitsight can help your organization meet its compliance requirements.
What does your organization consider an acceptable level of inherent cyber risk in its vendor portfolio? Learn how to establish that threshold and focus resources where they’re needed most.
Learn how to use cyber risk data to protect your organization and its financial assets.
As 2021 comes to a close, we thought it might be a good idea to look back at some of our research from the year. Bitsight investigated a variety of topics including ransomware, vulnerability mitigation, and RSA key generation flaws. We also studied specific vulnerabilities in Microsoft Exchange Server, Apache Server 2.4, and Apache Log4j.
Ransomware attacks are on the rise, doubling in the last year alone. But why has ransomware emerged as the weapon of choice for bad actors? The answer comes down to time and money.
Thanks to the proliferation of ransomware-as-a-service (RaaS), ransomware attacks are significantly cheaper to execute and require less skill than other forms of breaches. They are also highly profitable.
Cybersecurity is a priority for any organization and a big-ticket budget line item. But before investments in security are made, your organization must understand what it is doing right and where improvements to your cybersecurity program are needed.
Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.
A critical vulnerability that allows for unauthenticated remote code execution has been discovered in Apache Log4j 2, an open source Java logging tool. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228.
“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.
You can’t reduce the cyber risks faced by your organization if you don’t know what you’re up against. That’s the purpose of a vulnerability probe.
The last two years have introduced new challenges to organizations across the globe: managing business operations through an ongoing pandemic, a rapid-fire pivot to a digital mode of work, and an increase in cyber attacks targeting businesses both directly and through their supply chains.
There are many ways that a bad actor can infiltrate your IT infrastructure and begin sifting through your data. These vulnerable entry points are known as risk vectors and include insecure endpoints, unsupported mobile devices, unpatched systems, and more.
Recent Bitsight research shows that 75% of retail businesses may be at increased risk of ransomware attacks as indicated by poor TLS/SSL configuration management. With the holiday shopping season upon us, it's more important than ever for retailers to evaluate their security posture.
Large retail businesses may have hundreds or even thousands of TLS/SSL certificates identifying specific Internet-connected devices. Plus, many lack an organization-wide framework for discovering, cataloging, and managing TLS/SSL configurations. Instead, management is conducted on an ad hoc basis, usually at a departmental level.