Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
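The teaser above talks about tracking KEV entries and fixing them quickly, so here is an added example (my own code, not Bitsight's and not code from the post) of the core triage step a practitioner actually runs: parse the catalog feed, join it against scanner findings, and rank what must be fixed first. The feed URL is the real CISA one, but nothing is fetched; the catalog entries, CVE IDs and scanner findings below are constructed placeholders in the feed's JSON shape. The catalog's `dueDate` is the BOD 22-01 remediation deadline for US federal civilian agencies; other organizations commonly borrow it as an SLA, which is the assumption this ranking makes.

```python
import json
from datetime import date

# Real feed location; not fetched here so the example runs offline.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the feed's JSON shape. The CVE IDs are placeholders,
# not entries from the real catalog.
KEV_SAMPLE = json.dumps({
    "title": "Constructed sample of the CISA KEV feed",
    "catalogVersion": "sample",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "FileMover",
         "vulnerabilityName": "FileMover SQL injection", "dateAdded": "2024-03-01",
         "shortDescription": "Constructed entry.",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2024-03-22", "knownRansomwareCampaignUse": "Known", "notes": ""},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "EdgeGateway",
         "vulnerabilityName": "EdgeGateway authentication bypass", "dateAdded": "2024-04-10",
         "shortDescription": "Constructed entry.",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2024-05-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "Mailer",
         "vulnerabilityName": "Mailer remote code execution", "dateAdded": "2024-04-15",
         "shortDescription": "Constructed entry.",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2024-04-25", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    ],
})

# Constructed scanner output: (hostname, CVE) pairs seen in the environment.
# CVE-0000-0002 is in KEV but not found here; CVE-0000-9999 is found but not in KEV.
SCAN_FINDINGS = [
    ("web-01", "CVE-0000-0003"),
    ("xfer-01", "CVE-0000-0001"),
    ("xfer-02", "CVE-0000-0001"),
    ("mail-01", "CVE-0000-9999"),
]


def load_kev(feed_text):
    """Parse the KEV feed JSON and index its entries by CVE ID."""
    data = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def triage(kev, findings, today_iso):
    """Join scanner findings against KEV and rank the matches.

    Ranking: past-due entries first, then entries CISA marks as used in
    ransomware campaigns, then the nearest due date. Findings with no KEV
    entry are dropped here; they fall back to the normal patch SLA.
    """
    today = date.fromisoformat(today_iso)
    rows = {}
    for host, cve in findings:
        entry = kev.get(cve)
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        row = rows.setdefault(cve, {
            "cveID": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "dueDate": entry["dueDate"],
            "days_until_due": (due - today).days,
            "overdue": due < today,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            "hosts": [],
        })
        row["hosts"].append(host)
    return sorted(rows.values(),
                  key=lambda r: (not r["overdue"], not r["ransomware"], r["dueDate"]))


if __name__ == "__main__":
    for row in triage(load_kev(KEV_SAMPLE), SCAN_FINDINGS, "2024-04-20"):
        flag = "OVERDUE" if row["overdue"] else f'{row["days_until_due"]}d left'
        print(f'{row["cveID"]}  {row["product"]:<28} due {row["dueDate"]}  '
              f'{flag:<9} ransomware={row["ransomware"]}  hosts={row["hosts"]}')
```

In practice you replace `KEV_SAMPLE` with the body fetched from `KEV_FEED_URL` and `SCAN_FINDINGS` with your scanner's export; the join key is the CVE ID, so findings that your scanner reports only by vendor advisory or plugin ID need to be mapped to CVEs first or they will silently fall through the `kev.get` check.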
Third parties are essential to helping your business grow and stay competitive. But if you’re not careful, your trusted partnerships can introduce unwanted cyber risk and overhead into your organization.
To protect your organization against cyber security risks, it’s important to have a cyber risk management program in place. But does your organization’s program take into consideration its entire attack surface – including the cloud?
How do cyber insurers determine which organizations are a risk worth taking? It’s more important than ever to keep underwriting good risks, and well-chosen opportunistic ones, without overcorrecting for the high loss ratios the industry is seeing. Insureds need to answer two questions: what is good cyber hygiene, and how do you measure it?
Your supply chain is more critical now than ever. Vendors and third parties are essential to helping your organization scale to meet demand, gain access to greater resources, respond to new work models, and remain competitive.
Special thanks to Venky Ganesan, the managing director of Menlo Ventures, for his insights into this topic.
Discover the methodology, at a technical level, the Bitsight Security Research team used to evaluate the three critical vulnerabilities affecting MOVEit Transfer.
Most Boards today know that cybersecurity is a critical issue that simply cannot be overlooked — which means many Boards today receive regular briefings on the topic. If you’re a new CIO or CISO (or your organization has just begun this practice) it’s absolutely critical that you establish credibility when you present to your Board of Directors. If you’ve been asked to present and you’ve never briefed a Board of Directors on cybersecurity before, your questions are going to be far different than they would be if you had seven or eight presentations under your belt. So below, we’ve detailed some of the topics you should include in your cybersecurity Board of Directors presentations — for both first timers and seasoned presenters.
Recent events have made cybersecurity a top concern among C-suite executives. The SolarWinds breach, Capital One incident, and Colonial Pipeline attack are just a few of the noteworthy events that have made CEOs and CFOs take active roles in discussions around risk mitigation.
Over the last 5-10 years, we’ve seen a major uptick in the number of regulations across all sectors regarding cybersecurity. The following is a brief look at how cybersecurity regulations have been implemented across seven sectors and divisions.
The red lights are flashing everywhere. News stories are warning about a sharp rise in ransomware attacks, a 2,000-fold increase in cybersecurity breaches, and more cyber-related doomsday scenarios. Meanwhile, the Biden Administration released a much-anticipated cybersecurity plan earlier this year, calling for more investment in cybersecurity.
Discover how consolidating your cybersecurity efforts not only saves costs but also enhances your organization's security posture—and that of your vendor ecosystem.
In today’s business landscape, it’s critical to manage the risk that your vendors, or third parties, can pose to your business — and it’s not always the easiest task. It requires that organizations not only have the ability to continuously monitor and identify new risk, but also the ability to work with their vendors to fix security issues quickly. Getting to risk reduction rapidly means that both organizations are communicating effectively, using data and evidence rather than conjecture to make progress.
In 2023, the SEC adopted new cybersecurity disclosure requirements. Learn how shareholders can leverage cybersecurity information for investment decisions and more.
On February 12, 2013, President Barack Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for collaboration between government and the private sector to create a set of standards for organizations to identify, assess, and manage cybersecurity risk. This led to the NIST Cybersecurity Framework (CSF), a way for organizations to manage cybersecurity risk without the need for additional regulatory requirements. According to the Trends in Security Framework Adoption Survey earlier this year by Tenable Network Security, nearly a third of the organizations they surveyed leverage the NIST Cybersecurity Framework, with many respondents viewing it as an industry best practice.
Every organization handles security differently, based on their needs and internal structure — but in some mid-sized and large companies, both the chief information officer (CIO) and the chief information security officer (CISO) are involved.