Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Do You Need to Create Segmented Networks to Protect Critical Assets?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_591206291_1.jpg.webp?itok=vR-Owa5h)
Network segmentation — the act of dividing a network into multiple smaller, isolated networks that are not visible from the outside — has long been used to reduce cyber risk. At its core, segmentation assumes a “zero trust” approach to protecting digital environments and minimizes access to digital assets for those who don’t need it, while enabling access for those who do. Should a breach occur, that threat is contained in the segmented network so it doesn’t propagate to other assets.
![What Is Endpoint Security & Why Is It Important?](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-endpoint-security_1.jpg.webp?itok=eU9qSvHt)
From an IT perspective, an important part of endpoint security is ensuring that the endpoint devices connected to your network—computers, laptops, mobile devices, tablets, etc.—are running the latest version or patch of all operating systems or software.
![inherent risk](/sites/default/files/styles/4_3_small/public/2023/02/24/inherent%20risk.jpg.webp?itok=pCR1Wf3S)
Learn what inherent risk is, how to measure it, and why it's a useful tool for your vendor risk management program.
![what is malware](/sites/default/files/styles/4_3_small/public/2022/06/13/shutterstock_1326113375.jpg.webp?itok=1HZUZvHB)
Malware can gain entry to your network in many ways. Once malware has penetrated a network, threat actors can use it to steal information, encrypt systems, spy on users, and remove files. Learn how to prevent dangerous malware.
![cybersecurity intelligence](/sites/default/files/styles/4_3_small/public/2023/08/03/cybersecurity%20intelligence.jpeg.webp?itok=-AuPpnQu)
Cybersecurity intelligence is a powerful weapon against risk. Learn how you can improve your cyber data collection, analysis, and sharing to mitigate emerging threats.
![Independent benchmarking for SEC disclosure strategy](/sites/default/files/styles/4_3_small/public/2023/08/03/Benchmarking%20data%20SEC%2C%20SIZED.jpeg.webp?itok=o0UYIR-0)
New SEC regulations mean that cybersecurity leaders are looking for ways to tell their company's story and looking for the right data to include. Independent cybersecurity benchmarking results are quickly becoming one of the primary data points included in any investor disclosure.
![what is vulnerability management](/sites/default/files/styles/4_3_small/public/2023/03/08/what%20is%20vulnerability%20management.jpg.webp?itok=-1gUWtzs)
As the attack surface expands, vulnerability management offers a strategic approach to manage exposure and remediate on time. Here's what you need to know.
![what is vulnerability monitoring](/sites/default/files/styles/4_3_small/public/2023/04/05/what%20is%20vulnerability%20monitoring.jpg.webp?itok=ARmLJ1nk)
In today’s ever-changing cyber risk landscape, your organization must adopt a vulnerability management framework to control exposure and remediate risks in a timely manner.
![Following METI’s Attack Surface Guidance](/sites/default/files/styles/4_3_small/public/2023/08/01/METI%20Blog%2C%20SIZED.jpeg.webp?itok=V4n3s-rl)
METI recommends ASM as a means to discover and manage internet assets and to continuously monitor for associated exposures and vulnerabilities, allowing for remediation.
![4 Tips for Reducing Your Company’s Cyber Exposure](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1363031135_0.png.webp?itok=iN8eQUvX)
If your organization is like many others, its cyber exposure continues to grow over time. During the pandemic, as attackers sought to exploit unprecedented changes in work environments, 35% of cyberattacks used previously unseen malware or methods, up from the norm of 20%. And with the average enterprise using well over 1,000 cloud services, it can be very difficult to get a handle on potential vulnerabilities or to know when risks will pop up.
![Vulnerability, Vulnerability Scanner, Cybersecurity threats](/sites/default/files/styles/4_3_small/public/2022/07/01/Vulnerability%20Scanner%20sized.jpg.webp?itok=zZYmpyTs)
A vulnerability scanner evaluates security weaknesses and gaps in your digital infrastructure. Learn what to look for in a robust solution.
![what is a backdoor attack-bitsight](/sites/default/files/styles/4_3_small/public/2023/07/27/what%20is%20a%20backdoor%20attack-bitsight.jpeg.webp?itok=zs1W7yh8)
What is a backdoor attack and how can you protect your organization from becoming a victim? Let’s explore this stealthy threat.
![What the Gramm-Leach-Bliley Act Means for Financial Services Cybersecurity](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_751455550_1.jpg.webp?itok=xI-yPwH_)
For obvious reasons, the financial services industry has had the unfortunate distinction of being one of the largest high-value targets for threat actors. Research shows that financial services businesses experience 300 more cyber attacks than organizations in other industries. Many of those attacks come through third-party suppliers whose networks may not be as secure as those of the organizations they work with.
![New cybersecurity requirements from the SEC](/sites/default/files/styles/4_3_small/public/2023/07/26/SEC%20Regulations%2C%20SIZED.jpeg.webp?itok=4FibTOhE)
On July 26, 2023, the SEC voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance.
![exposure management](/sites/default/files/styles/4_3_small/public/2023/07/10/Exposure%20Management%2C%20SIZED.jpeg.webp?itok=WB1l31-n)
What is exposure management? Learn how you can assess your organization’s cyber risk exposure and get ahead of cyber risk.