Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Third-Party Risk Management Best Practices for Enterprise](/sites/default/files/styles/4_3_small/public/migration/images/Third-Party%2520Risk%2520Management%2520Best%2520Practices%2520for%2520Enterprise%2520Blog_1.jpg.webp?itok=FUS6QwU5)
Companies are becoming increasingly reliant on third-party relationships, and cyber attacks originating in the systems of third parties are on the rise.
![Creating a Cybersecurity Awareness Culture at Financial Institutions](/sites/default/files/styles/4_3_small/public/migration/images/Creating_a_Cybersecurity_Awareness_Culture_at_Financial_Institutions_1.jpg.webp?itok=iUxlRJ1S)
Banks and other financial institutions have always been burdened with a greater need for security than other industries. In the past, that meant hiring 24/7 guards and locking cash away in reinforced bank vaults. Today, it means having best-in-class cybersecurity teams and state-of-the-art detection and response technology. However, when it comes to preventing data breaches, having the best cybersecurity experts and the fanciest tech isn’t always enough. Here’s how the FDIC puts it in their Framework for Cybersecurity:
![Third Party Tiering: The Cornerstone of a Strong Third-Party Risk Management Program](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Business-Hierarchy-Ranking-An-196512991_1.jpg.webp?itok=CXLZmNjX)
With the number of third parties connected to businesses increasing, risk and security teams need to ensure they are spending the right amount of attention on the right third parties. To do this, organizations need a clearly defined, tiered portfolio of third parties, vendors, and suppliers. Today, many companies tier their third parties based on the inherent risk they present, and the types of data they handle or have access to.
![Building Trust in the Digital Era -The Importance of Effective Cybersecurity and Exposure Management](/sites/default/files/styles/4_3_small/public/2023/03/22/Building%20Trust%20in%20the%20Digital%20Era-The%20Importance%20of%20Effective%20Cybersecurity%20and%20Exposure%20Management.jpg.webp?itok=NUyOwQNa)
How cybersecurity leaders can manage an expanding attack surface, increasing vulnerabilities, and growing demands from stakeholders.
![third party vulnerability response](/sites/default/files/styles/4_3_small/public/2023/04/19/Header_TPRM%20VULN.png.webp?itok=5UPXQoau)
With the launch of Bitsight Third-Party Vulnerability Response, we are making it easier for organizations to initiate vendor outreach and track responses to critical vulnerabilities.
![Cyber Insurance Underwriting: What Role Do Security Ratings Play?](/sites/default/files/styles/4_3_small/public/migration/images/Cyber%2520Insurance%2520Underwriting%2520-%2520thumb_1.jpg.webp?itok=2mi-Yqqs)
If you’re involved in the cyber insurance underwriting process—from the transaction to the ongoing operations—you’re constantly looking for things to help you (and your team) select better risks. Here are three specific ways Bitsight’s Security Ratings platform can play an integral role in the underwriting process.
![Threat Detection: What it is and How to Do it Effectively](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1304697985.jpg.webp?itok=FIjP6GzK)
We all know threat detection is important, but what exactly is it, and why is it so hard to do effectively? In light of recent cyber attacks on U.S. infrastructure and the ongoing threat from the group behind the SolarWinds breach, these questions loom large.
![Cyber Resilience vs. Cybersecurity: A Quick Comparison of Terms](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity%2520Vs%2520Cyber%2520Resilience%2520-%2520thumb_1.jpg.webp?itok=oZ-Bd4h6)
If you operate in the cybersecurity or business continuity space, you’ve probably heard some reference to cyber resilience. While it has become a bit of an industry buzzword, it’s also a useful construct that should have important implications on your security strategy. Here are our thoughts on how cyber resilience compares to cybersecurity — and why the two terms cannot be used interchangeably.
![Tips for Explaining Technical Things in Simple Terms to Non-Technical Executives](/sites/default/files/styles/4_3_small/public/migration/images/1.22-Technical-Terms-Blog-Thumb_1.png.webp?itok=DwS7V6Nh)
You don’t have to be a CIO to know that a great IT department is crucial to the success of any large organization. With the rise of big data, artificial intelligence, and the Internet of Things, technology promises to become an even more fundamental part of competitive corporate strategies in every industry.
![Future Proofing Your TPRM Program](/sites/default/files/styles/4_3_small/public/2023/10/03/Future%20Proofing%20Your%20TPRM%20Program.jpg.webp?itok=xL2c4aiD)
Explore the importance of long-term planning, unified solutions, and innovation in third-party cyber risk management.
![Cyber resilience vs cybersecurity, two people creating a plan for each](/sites/default/files/styles/4_3_small/public/2022/01/14/Cyber%20Resilience%20vs%20Cybersecurity%2C%20sized.jpg.webp?itok=GCRB5wn4)
What is cyber resilience vs. cybersecurity and why in today’s digital economy you need a plan for both.
![Ransomware](/sites/default/files/styles/4_3_small/public/2021/11/14/8%20Recent%20Dangerous%20Ransomware%20Examples.jpg.webp?itok=AAN80MPg)
Recent Bitsight research shows that 76% of healthcare organizations may be at increased risk of ransomware attacks due to poor TLS/SSL configuration management.
![Independent benchmarking for SEC disclosure strategy](/sites/default/files/styles/4_3_small/public/2023/08/03/Benchmarking%20data%20SEC%2C%20SIZED.jpeg.webp?itok=o0UYIR-0)
What exactly is a “material” cybersecurity incident as defined in the latest SEC cybersecurity disclosure requirements? Let's find out.
![Why Cyber Risk Aggregation is Important to Your Organization’s Security](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1202577088.png.webp?itok=R-N-N9qq)
A single unauthorized device being used on your network. An unsanctioned application someone’s accessing from their non-secure home PC. A small vendor with a seemingly insignificant vulnerability.
![cyber risk appetite](/sites/default/files/styles/4_3_small/public/2021/11/14/cyber%20risk%20appetite.jpg.webp?itok=0bl9Z0Hz)
As cyberattacks surge, you’re charged with protecting your organization’s expanding digital footprint. But what about the risk posed by vendors?