Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
We are excited to announce the availability of the Moody’s Investor Services 2022 Cyber Risk Outlook. The report, which leverages data provided by Bitsight, outlines factors shaping the landscape for cyber risk in 2022. Bitsight is proud to partner with Moody’s on this important research.
Gaps in security controls can be hard to detect. Misconfigured software, open ports, and unpatched systems all expose your organization to cyber risk. They also negatively impact your Bitsight Security Rating.
Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to drive urgent and prioritized remediation of vulnerabilities that are being actively exploited by adversaries.
This directive includes an update to CISA's catalog of “known exploited vulnerabilities,” part of an ongoing effort to encourage organizations to reduce risk within their attack surface. Bitsight is proud to partner with CISA on these critical efforts.
In the past few weeks, Bitsight has conducted research on two of the vulnerabilities in the CISA list: CVE-2021-41773 and CVE-2021-42013. These vulnerabilities were introduced via a recent Apache Server update and highlight the importance of an effective software update and patch management strategy as well as the need for third-party risk management.
We are excited to announce a new research partnership with the Cambridge Centre for Risk Studies (CCRS). Our joint research will analyze the relationship between organizational cybersecurity investments and risk reduction.
Bitsight is committed to creating trustworthy, data-driven, and actionable measurements of organizational cybersecurity performance.
To serve your customers and realize efficiencies, your organization may work with dozens if not hundreds of third parties including partners, vendors, cloud service providers, and subcontractors.
A new study published in the Journal of the American Medical Informatics Association (JAMIA) provides brand new perspectives on the state of hospital cybersecurity performance.
Hospitals, doctors’ networks, insurance companies, and other healthcare organizations are guardians of valuable protected health information (PHI).
Facebook and the apps under its umbrella, including Instagram and WhatsApp, were inaccessible for hours on Monday.
Cybersecurity is a critical risk that can materially impact a company’s bottom line. Unfortunately, investors are largely in the dark when it comes to understanding the cybersecurity of the companies in which they invest.
Recent Bitsight research shows healthcare organizations that display poor patching cadence can be up to 7x more likely to experience ransomware.
Cyber risk management should be a priority for any organization. And while there are many measures your business can take to reduce cybersecurity risk across the enterprise, how do you discover and remediate unknown risks that may be lurking in the networks of third parties?
Ransomware is rapidly becoming the most common form of cyberattack. According to the Verizon 2021 Data Breach Investigations Report, ransomware incidents have doubled year-over-year with headline-grabbing consequences.
As if reflecting this trend, cyber insurance ransomware claims have also risen. Data collected by the University of Cambridge found that, in 2020, ransomware comprised 54% of insurance claims compared to just 13% between 2014 and 2019.
In early September, a threat actor leaked nearly 500,000 Fortinet VPN login names and passwords that were allegedly scraped from vulnerable devices last summer. The leaked credentials could allow hackers to access an exposed network to perform data exfiltration, install malware, and perform ransomware attacks. Bitsight was able to verify that 98% of the IP addresses in the leaked files were, in fact, running Fortinet VPN servers within the past 12 months.
Cybersecurity is one of the biggest threats to global commerce in the 21st century.