Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![5 vendor evaluation tools to add to your cyber risk management toolkit](/sites/default/files/styles/4_3_small/public/2021/12/10/5%20vendor%20evaluation%20tools%20to%20add%20to%20your%20cyber%20risk%20management%20toolkit.png.webp?itok=5jgMMpvG)
Five of the most critical vendor evaluation tools that you should have in your cybersecurity risk management toolkit.
![Why The DOD Is Making Cybersecurity Maturity Evaluation Mandatory (And Why You Should Too)](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_596787824_1.jpg.webp?itok=8NcYl9_G)
Government agencies in the United States are yet again suffering from a widespread data hack, this time originating from Microsoft Exchange servers. This breach comes less than five months after the SolarWinds breach exposed vulnerabilities across dozens of industries, including government agencies. How is the government pivoting to protect their network from these increasingly widespread attacks?
![5 Tips to Improve Cyber Security Monitoring of Your Vendors](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_239364013_1.jpg.webp?itok=Kz7cTys7)
What’s the biggest struggle your vendor risk managers face when establishing cyber security monitoring processes? From sudden increases in the use of third parties by your organization, to not knowing which vendors might be impacted by the current data breach, vendor risk managers are plagued by challenges and roadblocks that impede their program efficiency.
![Australia](/sites/default/files/styles/4_3_small/public/2023/09/06/Australia.jpg.webp?itok=C9Q2A-R2)
The Australian Prudential Regulation Authority (APRA) has introduced CPS 234. Learn about the regulation and how cybersecurity is now at the forefront.
![Cybersecurity Policy & The Role Of The Executive Team](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-Cybersecurity_Policy__The_Role_Of_The_Executive_Team_4.jpg.webp?itok=V_hRiQMr)
One of the primary roles of senior executives—from the CISO to the general counsel and all the way up to the board of directors—is to ensure that an organization has policies set in place for cybersecurity.
![vendor risk assessment tips](/sites/default/files/styles/4_3_small/public/2023/05/29/vendor%20risk%20assessment%20tips.jpeg.webp?itok=qW3z08B0)
Follow these tips to make sure all your vendors continuously meet your security standards.
![What are Software Supply Chain Attacks?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1704511693.jpg.webp?itok=ZfNHl-A8)
Digital vendors are now the avenue of choice for cybercriminals to perpetrate cyberattacks. Learn how you can defend your organization against a software supply chain attack.
![Cyber Security Assessment Tools and Platforms | BitSight](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity_Risk_Assessment_Tools_You_Can_Use_Year_Round_2.jpeg.webp?itok=YMKy2vZ9)
When it comes to improving cybersecurity at your organization, there are some fixes that you can undertake with very little preparation. More robust remediation efforts, however, usually start with a cybersecurity risk assessment.
![Cybersecurity Visualization Techniques to Gain Executive Buy-In](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity_Visualization_Techniques_to_Gain_Executive_Buy-In_1.jpeg.webp?itok=JekwsjGJ)
CISOs and other security leaders need buy-in from the Board and executive team in order to run effective cybersecurity programs. This requires communicating data about threats and cybersecurity performance in ways that are easy to understand. As a result, cybersecurity visualization is becoming more important than ever. In a field that's as interesting and exciting — and comes with such high stakes — as cybersecurity, you can’t allow knowledge gaps and technical complexity to obscure your message. With high-profile data breaches on everyone’s minds, the Board is becoming more and more involved in cybersecurity decisions. In fact, 45% of board members say they actively participate in setting the security budget at their company. For CISOs, getting the sign-off on necessary IT projects, purchases, and partnerships often involves making impactful arguments to Board members who might not have IT backgrounds. So, what cybersecurity visualization techniques can you use to gain executive buy-in?
![cloud security posture - bitsight](/sites/default/files/styles/4_3_small/public/2023/08/21/cloud%20security%20posture%20-%20bitsight.jpeg.webp?itok=ovEIqVbn)
As cyberattacks against cloud services and infrastructure increase, follow these best practices to improve your cloud security posture management.
![cyber threat prevention digital footprint](/sites/default/files/styles/4_3_small/public/2023/06/12/cyber%20threat%20prevention%20digital%20footprint.jpeg.webp?itok=S2oMadJ-)
We look at five ways you can reduce cyber threats without putting additional pressure on stretched resources.
![What Role Does Procurement Play in Supply Chain Risk Management?](/sites/default/files/styles/4_3_small/public/2022/02/18/What%20Role%20Does%20Procurement%20Play%20in%20Supply%20Chain%20Risk%20Management.png.webp?itok=Iy3E_rXa)
Thanks to globalization and rapidly developing technology, enterprise involves more connections than ever before, and more connections means more risk in the supply chain.
![Summarizing Federal & State Data Breach Notification Laws](/sites/default/files/styles/4_3_small/public/migration/images/databreachlaws_full_1.jpg.webp?itok=yVkT3Igr)
If your organization handles or works with a certain type of data, you have a legal obligation to protect that data. Generally speaking, this could refer to personal information like names, identifiers (i.e. social security numbers), health data, or financial data. If any such data is compromised, it’s not only your fiduciary responsibility to disclose the breach to those harmed—it’s also your legal obligation.
![What Companies Using Cloud Computing Services Need To Know About Their Risk Responsibilities](/sites/default/files/styles/4_3_small/public/migration/images/AWS%2520Cloud%2520Computing%2520blog%2520picture_1.jpg.webp?itok=RBgeaqMi)
Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But who is responsible for breaches in the cloud data, the service provider or the organization using their services?
![dora compliance](/sites/default/files/styles/4_3_small/public/2023/08/21/dora%20compliance.jpeg.webp?itok=95b6S9bu)
We delve into the purpose of these EU regulations, the challenges they present, the timeframe for adoption, and the keys to compliance.