Insights blog.

The payment card industry (PCI) has long been a Holy Grail target for bad actors for obvious reasons. Visa, Mastercard, and American Express account for the bulk of the consumer financial activity in the United States. Breaching them would be an unimaginable windfall for hackers--and, undoubtedly, an unmitigated disaster for the world’s economy. 

The process of removing an association with a CIDR range can be time consuming and frustrating; in light of this, Bitsight has created a program to facilitate and simplify the process.

We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, their evolution, and what targets are they focused on at the moment.

Hardly a day goes by without the emergence of a disturbing new trend in cyber crime or headline-grabbing hack. Hackers are getting smarter and threat vectors are constantly evolving. The escalating threat is forcing businesses to file more cyber insurance claims than ever. But are they taking the proactive steps necessary to boost their security postures and become a better underwriting risk?

Taking back control of your network in light of hackers’ growing sophistication can be time-consuming. Even well-established organizations with money to spend on solid cybersecurity programs are still falling victim to some of the new sneaky breach attempts, as seen with this year's ransomware attacks.

But as your digital infrastructure expands, understanding where cyber risk lies hidden can be challenging. In this increasingly diverse environment, your security team ends up buried in a sea of data and alerts — and may end up missing something important. They are also hopping between multiple tools and lack a complete picture of your company’s security posture.

Rather than play whack-a-mole with threats, here are three reasons you should focus on attack surface scanning to mitigate risk.

Bitsight and Google have collaborated to study global organizational performance across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework.

When we talk about cybersecurity events, we often discuss “the three principles of security” — which can be abbreviated as “CIA”: 

Quantitative risk assessments in cybersecurity draw on data and analytics to help you understand the probability of risk and inform strategic management decisions.

There is a parallel universe in the cyber world known as the “Dark Web.” It’s a part of the Internet inaccessible via standard browsers or search engines, and it’s where cyber criminals share botnet kits, trade bitcoins, and recruit other hackers to carry out attacks. Over the years, the “Dark Web” has also provided an anonymous marketplace for criminals to sell information stolen from data breaches. An example is from 2015, when nearly 10GBs of data including account details and passwords for some 32 million users of Ashley Madison, were posted on the dark web.

Traditional vendor risk management methods fail to capture new and evolving risks. Learn how a better approach to VRM can benefit your organization.

See risk, drive action across your entire vendor portfolio.

Reading the top cybersecurity blogs is, of course, one of the best ways to stay up on the latest news in the security industry. But while these niche blogs do often address news stories, most often they’re doing so while also interjecting their own opinions. And sometimes you just need the straight, unbiased facts. 

The Bitsight Ratings Tree gives you insight into the different portions of your business to identify gaps and weaknesses in your program performance.

Your attack surface is expanding everyday. Learn how external attack surface management can help you understand what you’re up against and inform remediation.

As the digital transformation of enterprises continues to accelerate, cyber risk remains a top concern for business leaders. But cyber risk is often thought about in technical terms as opposed to business terms — making it more important than ever for security leaders to educate their board and other non-technical stakeholders on what cyber risk really means to their organization.