Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![financial services cybersecurity](/sites/default/files/styles/4_3_small/public/2021/11/14/financial%20services.jpg.webp?itok=6nD94pl3)
The financial services sector is one of the highest performing in terms of cybersecurity. One factor that contributes to this performance is regulation.
![Supply chain risk and tools](/sites/default/files/styles/4_3_small/public/2022/02/14/shutterstock_1660696486.jpg.webp?itok=QutLe6Zu)
Make your vendor lifecycle more efficient and less fraught with cyber risk with these three tips for supply chain risk management.
![What Should Be In Your Security Benchmark Reports?](/sites/default/files/styles/4_3_small/public/migration/images/Thumb_Benchmark_1.jpg.webp?itok=NwWbb6NU)
A security benchmark report is a document that helps an organization identify its cybersecurity capabilities and initiatives and compare those efforts to peers or competitors of the same sector or size. This snapshot is prepared either internally by the organization or by a third party.
![New research reveals rapid remediation of MOVEit Transfer vulnerabilities](/sites/default/files/styles/4_3_small/public/2024/03/27/New%20research%20reveals%20rapid%20remediation%20of%20MOVEit%20Transfer%20vulnerabilities_0.jpg.webp?itok=3HH1Rrk6)
CVE-2023-35036 and CVE-2023-35708 were identified on June 9th and June 15th in the latest series of high-profile software supply chain vulnerabilities.
![weighted scale](/sites/default/files/styles/4_3_small/public/2023/07/14/Not%20all%20analytics%20are%20created%20equal.jpeg.webp?itok=CWxIzEAT)
Not all cybersecurity analytics are useful. Some are built on data and methodology that is scientifically shown to be correlated with risks and incidents.
![Which Third-Party Risk Management Tools Do You Really Need?](/sites/default/files/styles/4_3_small/public/migration/images/AdobeStock_181392143-min_1.jpeg.webp?itok=M8aCuxEd)
With high-profile breaches being traced back to supply chain vulnerabilities and a regulatory environment that’s waking up to the realities of vendor risk, many organizations are investing heavily in third-party risk management (TPRM) programs.
![Cyber Security Risk Modeling: What Is It And How Does It Benefit Your Organization?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1563144256.jpg.webp?itok=_b7jre04)
As cyber security threats proliferate, cyber risk conversations are no longer limited to the Security Operations Center (SOC); they command the attention of the C-suite and the boardroom.
![Executive performance, Cyber risk management, Ransomware hack](/sites/default/files/styles/4_3_small/public/2022/08/25/Cyber%20risk%20management%20sized.jpg.webp?itok=rhEeTBiQ)
Executive performance and cyber risk management are now inextricably linked. Learn how CISOs can help executives be more accountable for cyber risk.
![Why You Should Consider Aggregate Portfolio Risk In Your Book Of Business](/sites/default/files/styles/4_3_small/public/migration/images/Aggregate%2520Portfolio%2520Risk%2520In%2520Your%2520Book%2520Of%2520Business%2520-%2520thumb_1.jpg.webp?itok=P_iMLpvy)
Considering aggregate portfolio risk is critical for insurance companies—which means it’s important to differentiate between concentration risk and aggregation risk.
![Continuous Security Monitoring - 5 Key Components | BitSight](/sites/default/files/styles/4_3_small/public/migration/images/Building%2520Your%2520Continuous%2520Security%2520Monitoring%2520Strategy%2520-%2520thumb_1.jpg.webp?itok=ob0RDI5J)
A continuous cyber security monitoring strategy can give your security team higher visibility into your threat landscape. To get the most value when investing in continuous security monitoring, you first need to understand how data can be compromised. The three main ways are:
![cyber risk exposure](/sites/default/files/styles/4_3_small/public/2023/06/28/Cyber%20risk%20exposure%2C%20SIZED.jpeg.webp?itok=uoT45bM6)
Cyber risk exposure is the sum of the vulnerabilities and risks associated with your organization’s digital footprint. Here’s how to understand and manage it.
![getting started with enterprise risk management software](/sites/default/files/styles/4_3_small/public/2023/06/08/getting-started-with-enterprise-risk-management-software.jpg.webp?itok=IKebtA5X)
Enterprise risk management software helps businesses monitor, manage, and mitigate many types of risk. However, procuring and implementing ERM software requires a significant investment, and choosing the solutions that are right for your business is a perennial challenge for risk management professionals.
![What Is Cybersecurity Compliance? An Industry Guide](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1159332316.jpg.webp?itok=2tK78-jI)
If you operate in specific sectors, cybersecurity maturity is more than a best practice; it’s a regulatory requirement. These regulations are complex and constantly changing. To help you better understand your organization's regulatory environment and the standards and controls it stipulates, let's break down key cyber compliance regulations by industry.
![zero day remediation](/sites/default/files/styles/4_3_small/public/2023/04/27/zero%20day%20remediation_0.jpeg.webp?itok=udgJtvZA)
Software vulnerabilities are inevitable, but you can reduce their impact by acting fast. Follow these zero-day remediation tips.
![Glass Lewis - Managing Cybersecurity Risk Requires Trustworthy Timely Data Insights](/sites/default/files/styles/4_3_small/public/2022/11/01/Glass%20Lewis%20Managing%20Cybersecurity%20Risk%20Requires%20Trustworthy%20Timely%20Data%20Insights.jpg.webp?itok=_l7ZYl0Y)
Glass Lewis is partnering with Bitsight to help investors tackle the significant and constantly changing challenge of understanding cybersecurity risk.