Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
When you think of an audit, what comes to mind? If you’re at all familiar with the traditional auditing process, I’d imagine your answer would look something like this:
Today, we are pleased to announce that NAFCU Services has selected Bitsight as a Preferred Partner, giving its member credit unions access to Bitsight Security Ratings. The partnership is very timely: credit unions have been increasingly targeted with cyber attacks. A recent survey found that 84.4% of credit unions were impacted by a data breach in the last two years.
Your organization probably deals with handfuls (or maybe hundreds) of vendors. Whatever the case may be, having a comprehensive third-party risk management solution is the best way to protect yourself against cyber mischief.
Last week, Walmart Canada, Rite-Aid, CVS, and Sam’s Club were among the retailers to suspend their online photo operations due to a possible data breach of third-party photo service provider PNI Digital (a Staples subsidiary). This is the latest cyber incident to affect the retail industry, which has witnessed a number of high-profile breaches involving third-party vendors in recent years.
In recent months, we’ve seen a variety of regulators, from Finance to Defense, cite the importance of third-party cyber risk management. You can now add the Federal Trade Commission to the list.
In business and in life, safety is always made a priority. From simple day-to-day tasks like wearing a seatbelt, to important business security decisions, prioritizing our safety and the safety of our families and valuable information is of utmost importance. But this process isn’t always easy. It seems like there are new security threats, from computer hackers and otherwise, that force us to find new ways to protect ourselves on a near-constant basis.
When I was a young pup studying statistics, I remember reading about a study on weight loss that found three factors correlated with weight loss: weighing yourself daily, eating a good breakfast and having access to work out equipment at home. While none of these cause weight loss directly, together they indicate a passion for and dedication to a healthy lifestyle. Connections like this, where subtle observations can lead to a larger understanding, have always been an interest for me and have driven me forward in my career.
If your organization outsources to vendors, you are probably involved in a lot of due diligence. You may be looking at and verifying credit checks, getting background reports, monitoring legal standings and litigation, ensuring that third parties pay their bills and don’t employ criminals, and more.
This is the second post in a series exploring how Security Ratings can address key components of the NIST cybersecurity guidelines. You can read the first post here.
Handling cyber risk in your organization’s supply chain isn’t easy. This aspect of Supply Chain Risk Management is a complex problem that even highly sophisticated organizations—like the Department of Defense—struggle to address.
Today, Bitsight is excited to announce that we have raised $23 million in Series B funding. The additional funding will allow Bitsight to keep hiring exceptional talent, as well as extend sales and marketing initiatives in Europe and in the Asia-Pacific region. The funding will also allow us to accelerate the development of new data analytic products and add to our extensive data resources to ensure the most accurate ratings possible. Bitsight is thrilled to have Comcast Ventures join as a new investor. We’re also thrilled that all of our current investors participated in this new round!
In the majority of organizations, vendor risk management is still a highly manual process, making risk assessments a labor-intensive exercise for all parties involved. This is why, at best, most vendor management programs only assess third parties on an annual basis or during contract negotiation. However, risk managers know from securing their own networks that an annual assessment tells us little about how effectively a third party is responding to emerging threats or addressing new vulnerabilities. So, how are annual vendor risk assessments making us more secure?
Last week, Bitsight co-sponsored a webinar with Advisen on the use of risk mitigation services for cyber insurance underwriting. Ira Scharf, GM of Cyber Insurance at Bitsight, joined Tracie Grella of AIG and Neeraj Sanhi of Willis Group to discuss several topics in this emerging field. Here are some of the highlights:
Recent breaches making headlines all share a troubling characteristic. In each breach detailed below, the intrusion into the company’s network lasted months, or in some cases longer than a year. While no company is impervious to a breach, one thing organizations can control is how quickly they respond to security incidents. The longer compromises remain neglected and unresolved, the more likely it is that a large-scale breach will occur, resulting in significant data loss.
I received the following questions from an inquisitive undergraduate student eager to learn more about Bitsight and security ratings. He posed excellent and insightful questions, and I thought that I would share our exchange in case others might be wanting to ask the same questions. Thanks, Nick!