Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Special thanks to Venky Ganesan, the managing director of Menlo Ventures, for his insights into this topic.
Discover the methodology, at a technical level, the Bitsight Security Research team used to evaluate the three critical vulnerabilities affecting MOVEit Transfer.
Most Boards today know that cybersecurity is a critical issue that simply cannot be overlooked — which means many Boards today receive regular briefings on the topic. If you’re a new CIO or CISO (or your organization has just begun this practice) it’s absolutely critical that you establish credibility when you present to your Board of Directors. If you’ve been asked to present and you’ve never briefed a Board of Directors on cybersecurity before, your questions are going to be far different than they would be if you had seven or eight presentations under your belt. So below, we’ve detailed some of the topics you should include in your cybersecurity Board of Directors presentations — for both first timers and seasoned presenters.
Recent events have made cybersecurity a top concern among C-suite executives. The SolarWinds breach, Capital One incident, and Colonial Pipeline attack are just a few of the noteworthy events that have made CEOs and CFOs take active roles in discussions around risk mitigation.
The red lights are flashing everywhere. News stories are warning about a sharp rise in ransomware attacks, a 2000X fold increase in cybersecurity breaches, and more cyber-related doomsday scenarios. Meanwhile, the Biden Administration released a much-anticipated cybersecurity plan earlier this year, calling for more investments in cybersecurity.
Discover how consolidating your cybersecurity efforts not only saves costs but also enhances your organization's security posture—and that of your vendor ecosystem.
In today’s business landscape, it’s critical to manage the risk that your vendors, or third parties, can pose to your business — and it’s not always the easiest task. It requires that organizations not only have the ability to continuously monitor and identify new risk, but also the ability to work with their vendors to fix security issues quickly. Getting to risk reduction rapidly means that both organizations are communicating effectively, using data and evidence rather than conjecture to make progress.
In 2023, the SEC adopted new cybersecurity disclosure requirements. Learn how shareholders can leverage cybersecurity information for investment decisions and more.
On February 12, 2013, President Barack Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for collaboration between government and the private sector to create a set of standards for organizations to identify, assess, and manage cybersecurity risk. This led to the NIST Cybersecurity Framework (CSF), a way for organizations to manage cybersecurity risk without the need for additional regulatory requirements. According to the Trends in Security Framework Adoption Survey earlier this year by Tenable Network Security, nearly a third of the organizations they surveyed leverage the NIST Cybersecurity Framework, with many respondents viewing it as an industry best practice.
Five of the most critical vendor evaluation tools that you should have in your cybersecurity risk management toolkit.
Government agencies in the United States are yet again suffering from a widespread data hack, this time originating from Microsoft Exchange servers. This breach comes less than five months after the SolarWinds breach exposed vulnerabilities across dozens of industries, including government agencies. How is the government pivoting to protect their network from these increasingly widespread attacks?
What’s the biggest struggle your vendor risk managers face when establishing cyber security monitoring processes? From sudden increases in the use of third-parties by your organization, to not knowing which vendors might be impacted by the current data breach, vendor risk managers are plagued by challenges and roadblocks that impede their program efficiency.
The Australian Prudential Regulation Authority (APRA) has introduced CPS 234. Learn about the regulation and how cybersecurity is now at the forefront.
One of the primary roles of senior executives—from the CISO to the general council and all the way up to the board of directors—is to ensure that an organization has policies set in place for cybersecurity.
Follow these tips to make sure all your vendors continuously meet your security standards.