Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Understanding the New SEC Cyber Rules](/sites/default/files/styles/4_3_small/public/2023/08/23/Understanding%20the%20New%20SEC%20Cyber%20Rules.jpeg.webp?itok=iq3Ekh-e)
The SEC’s New Cybersecurity Regulations: Understanding the Impact for Companies & Their Shareholders
In Part 1 of this multi-part series, we describe the new SEC cybersecurity regulations and assess potential impact on both shareholders and companies.
![4 Things You Should Include In Your Data Breach Response Plan](/sites/default/files/styles/4_3_small/public/migration/images/Data%2520Breach%2520Response%2520Plan%2520-%2520thumb_1.jpg.webp?itok=BpM0ztOY)
If you’re working on organizational cybersecurity, one of your top goals is likely putting a system in place that will help identify data breach incidents as quickly as possible, whether that data is inside your organization or with one of your vendors. Of course, simply knowing about a data breach incident isn’t enough—you have to take action immediately, or you could risk major data implications.
![Cybersecurity Reporting](/sites/default/files/styles/4_3_small/public/2023/05/01/Cybersecurity-Reporting.jpg.webp?itok=NJVNq7cv)
A majority of boards now see cyber risk as business risk, so they’re asking hard questions around risk and exposure. Security leaders must have processes in place to inform and educate executives, boards, and stakeholders as to the security posture of the organization as well as the postures of important third parties.
![attack vector](/sites/default/files/styles/4_3_small/public/2021/11/14/cyber-security-1.jpg.webp?itok=RAYbO3AK)
Today’s opportunistic hackers are seasoned professionals who are getting more adept at exploiting your organization’s digital attack surface. To do this they employ a variety of attack vectors.
![Do You Have What it Takes to Achieve Digital Resilience?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1709609737.jpg.webp?itok=wbHtLeTI)
The term “digital resilience” has gained momentum over the past few years as cybersecurity threats have grown, but what does it really mean? And how can a company become digitally resilient?
![cybersecurity risk management](/sites/default/files/styles/4_3_small/public/2023/09/20/cybersecurity%20risk%20management.jpg.webp?itok=BJIjhH0z)
Is cybersecurity risk defined in the same way as common risk? How is it different? Find out the answers and what you can do about it.
![Woman CISO smiling](/sites/default/files/styles/4_3_small/public/2023/08/15/New%20SEC%20cybersecurity%20rules.jpg.webp?itok=qzbStrIj)
Companies will be required to disclose risks in their annual reports beginning on 12/15/2023. Many CISOs may have some real questions. Here's where to start.
![Bitsight and Diligent partner](/sites/default/files/styles/4_3_small/public/2023/07/18/Diligent-and-Bitsight.jpg.webp?itok=K44DP7gJ)
Bitsight & Diligent launch extension partnership focused on correlated, independent, & comparable cyber ratings within Diligent’s Board Reporting for IT Risk.
![what is a zero day - zero day exploit](/sites/default/files/styles/4_3_small/public/2023/03/10/what%20is%20a%20zero%20day.jpg.webp?itok=FotfSweF)
Dealing with unpredictable vulnerabilities is one of today's greatest challenges. What is a zero day and why is it relevant for TPRM?
![what is a whaling attack-bitsight](/sites/default/files/styles/4_3_small/public/2023/08/13/whaling%20attack-bitsight.jpeg.webp?itok=bcj1aLsn)
Whaling attacks are a form of spear phishing that target senior executives. Learn how to defend against these attacks.
![What is Cyber Security Performance Management?](/sites/default/files/styles/4_3_small/public/migration/images/What%2520is%2520SPM_1.png.webp?itok=kJBnM6Dp)
Security performance management (SPM) helps security and risk leaders take a risk-based, outcome-driven approach to assessing and managing the performance of their organization’s cybersecurity program. With SPM, security leaders can continuously monitor and assess their organization’s current security state, analyze how security performance ranks against industry and peers, and create improvement plans that reduce cyber risk.
![What is Digital Risk Protection?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_672114784-1_1.jpg.webp?itok=yYQx79mf)
Digital risk protection (DRP) solutions can be powerful operational tools for security analysts and threat researchers looking to identify and address existing cyber risk exposures quickly. While these solutions can provide valuable assessments, they focus on short-term outcomes rather than long-term ones. DRP tools are more tactical than strategic in nature — and often do not provide the necessary context to make informed business decisions.
![Data Breach Blog](/sites/default/files/styles/4_3_small/public/2023/08/04/Data%20Breach%20Blog.jpg.webp?itok=hz-W8Ea5)
Read Bitsight's breach research, which looks at the evolution of reported incidents over the past years to identify trends and global patterns.
![Do You Have The Right Vendor Management Policies?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_568645888_1.jpg.webp?itok=6KM6jgJj)
If you’re experiencing frustrating delays and procedural roadblocks during your vendor management process, you’re not alone. Security managers are seeing an increase in the number of third parties integrating with their business, and Gartner reports that “60% of organizations are now working with more than 1,000 third parties”.
![cybersecurity due diligence](/sites/default/files/styles/4_3_small/public/2021/11/14/Cybersecurity%20due%20diligence.jpg.webp?itok=30i3UhEx)
If your organization is entering into a relationship with a vendor or partner, vendor due diligence is key to mitigating third-party risk.