Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![cost of a data breach](/sites/default/files/styles/4_3_small/public/2022/11/24/cost%20of%20a%20data%20breach.jpg.webp?itok=z8lukRAb)
A data breach can have financial, operational, and reputational impact, but how much does a data breach actually cost? Find out today.
![Global State of Exposure OpenSSL Vulnerabilities Hero Image](/sites/default/files/styles/4_3_small/public/2022/11/30/Global%20State%20of%20Exposure%20OpenSSL%20Vulnerabilities%20Hero.png.webp?itok=Yb70cTvv)
New Bitsight research finds that many organizations are still affected by the OpenSSL vulnerabilities, tracked as CVE-2022-3786 and CVE-2022-3602. This blog identifies the most affected sectors and nations around the world.
![Colibri Loader banner](/sites/default/files/styles/4_3_small/public/2022/11/30/Colibri%20Loader%20banner-min.jpg.webp?itok=fBRS6Uzx)
In this research, we present how to manually “unpack” a sample from a recent ColibriLoader malware campaign being distributed by PrivateLoader.
![risk quantification scale](/sites/default/files/styles/4_3_small/public/2022/11/21/Shutterstock_1135785197.jpg.webp?itok=-qLjy64N)
Cyber risk quantification methods can help you talk about risk in terms of business and financial impacts. Here’s how to find the right method for your organization.
![spend end of year budget](/sites/default/files/styles/4_3_small/public/2022/11/24/end%20of%20year%20budget%20spend.png.webp?itok=WDy219Ds)
Wondering how to leverage your remaining funds? As you decide how to use your end of year budget, ask yourself these questions.
![security risk leader](/sites/default/files/styles/4_3_small/public/2022/10/28/Shutterstock_2079263032.jpg.webp?itok=lomJa7o9)
Learn what really keeps security and risk leaders awake at night, plus solutions they can use to maximize their security resources and better manage an expanding attack surface.
![European Cyber Risk is Rising: Moodys - Blog](/sites/default/files/styles/4_3_small/public/2022/10/26/European%20Cyber%20Risk%20is%20Rising-Moodys.jpg.webp?itok=JnvhxuAf)
Cyber risk is rising in Europe, the Middle East and Africa (EMEA), according to the latest analysis from Moody’s Investor Services (“Moody’s”). Read the latest research.
![Marsh McLennan and BitSight-Make Better Cybersecurity Decisions with Data Analytics Blog](/sites/default/files/styles/4_3_small/public/2022/10/14/Marsh%20McLennan%20and%20BitSight-Make%20Better%20Cybersecurity%20Decisions%20with%20Data%20Analytics%20Blog.jpg.webp?itok=xFLXcV3B)
New research by the Marsh McLennan Cyber Risk Analytics Center (Marsh McLennan) finds 14 Bitsight analytics have statistically significant correlation with cybersecurity incidents.
![What Is Sensitive Data & Why You Need To Protect It](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1033113025_1.jpg.webp?itok=MWSw8lrO)
As a security professional navigating the new challenges 2020 is bringing to cybersecurity, it’s critical to understand the ways your organization’s data could be exposed. Sensitive data is critical, safeguarded information. Different information can be considered sensitive depending on the industry, but in general it can be anything your organization, your employees, your customers, or your third parties would expect to be private and protected. Below, we’ve outlined five examples of sensitive data your organization likely handles—and a few key ways to protect it from evolving cyber threats.
![white house IoT security ratings](/sites/default/files/styles/4_3_small/public/2022/10/20/white-house-banner-min.jpg.webp?itok=vt5vNH-t)
Launching in 2023, representatives from the public and private sectors intend to form a labeling system where products are rated based on their cybersecurity.
![How to influence cyber insurance coverage](/sites/default/files/styles/4_3_small/public/2022/10/19/Cyber%20Insurance%20Influence%2C%20SIZED.jpg.webp?itok=iFwmqDV5)
Although Bitsight cannot influence the risk appetite of an insurance company, we can help you understand your cyber hygiene while proving to insurers that you are actively invested in your security posture, which influences the coverage decision.
![Cybersecurity transparency across your vendor portfolio](/sites/default/files/styles/4_3_small/public/2022/10/14/Cybersecurity%20Transparency%2C%20SIZED.jpg.webp?itok=OkFdmouj)
Learn why cybersecurity transparency matters and how you can achieve it quickly and at scale across your vendor portfolio.
![Global State of Exposure BIG IP CVE 2022-1388 Blog Header](/sites/default/files/styles/4_3_small/public/2022/10/13/Global-State-of-Exposure-BIG-IP-CVE-2022-1388.jpg.webp?itok=bUQlssM8)
Bitsight evaluated the current global state of exposure to CVE-2022-1388. Our findings indicate that many organizations remain vulnerable to this critical vulnerability, presenting risk not only to these organizations but also to their customer bases. See the findings.
![Vendor cybersecurity practices](/sites/default/files/styles/4_3_small/public/2022/10/06/Vendor%20Cybersecurity%20Practices%2C%20SIZED.jpg.webp?itok=SWyqYnLZ)
Learn about the five most important vendor cybersecurity practices to include in your third-party risk management program.
![PseudoManuscrypt Sinkholing](/sites/default/files/styles/4_3_small/public/2022/10/05/PseudoManuscrypt-Sinkholing.jpg.webp?itok=KZGbxrUT)
In late 2021 we started registering some DGA-like domains that not only did not belong to any known domain generation algorithm (DGA), but were also being classified as different types of malware. Read the analysis.