Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![State of Cyber Resilience](/sites/default/files/styles/4_3_small/public/2022/05/09/State%20of%20Cyber%20Resilience%2C%20SIZED.jpg.webp?itok=ttCWjcFs)
Learn what you can do to defend against cyber attacks and achieve a state of cyber resilience.
![attack vector vs attack surface](/sites/default/files/styles/4_3_small/public/2022/05/02/Attack%20vector%20vs%20Attack%20surface%20SIZED.jpg.webp?itok=2hAQAzR0)
The attack surface encompasses the digital assets that a hacker can exploit. An attack vector is the method they use to breach the attack surface.
![Announcing BitSight at RSA 2022](/sites/default/files/styles/4_3_small/public/2022/04/19/Visit%20BitSight%20at%20RSA%202022%20-%20Sized.jpg.webp?itok=CJoLZUbL)
Join Bitsight at the RSA Conference to learn the latest trends, real-life best practices, and valuable solutions that keep your company protected.
![Keys to the Kingdom: Single Sign-On (SSO) is Under Attack](/sites/default/files/styles/4_3_small/public/2022/04/11/Keys%20to%20the%20Kingdom%2C%20%20Sized.jpg.webp?itok=lVMhnDiC)
This article contains tips for security and risk professionals to manage risk from their Single Sign-On (SSO) providers and better protect their users’ credentials.
![Cyber insurance underwriting evolution and expectations](/sites/default/files/styles/4_3_small/public/2022/04/04/Cyber%20Insurance%20Underwriting%2C%20Sized.jpg.webp?itok=sXAliu2l)
What cyber insurance underwriting is, how it has evolved, and what you can expect when you apply for cyber insurance.
![Gartner Predicts Cybersecurity, 4 insights for 2022](/sites/default/files/styles/4_3_small/public/2022/03/29/Announcing%20Gartner%20Predicts%2C%20Sized.jpg.webp?itok=td-_OEmE)
The latest report from Gartner® outlines several key areas that leaders need to pay close attention to if they want to create more resilient, trusted programs.
![The state of cyber incident disclosure](/sites/default/files/styles/4_3_small/public/2022/03/28/From%20Months%20to%20Minutes%2C%20Sized.jpg.webp?itok=u2Oihzlw)
Are organizations prepared to meet new cyber incident disclosure requirements? The latest report from Bitsight's data analysts shows it might be easier said than done.
![global vendor breach](/sites/default/files/styles/4_3_small/public/2022/03/23/shutterstock_639700315.jpg.webp?itok=_y4NYmtx)
Organizations remain concerned about the potential implications for their own security posture as a result of the Okta cyber attack. It's important to identify where risks are present throughout your third-party landscape.
![Vendor security audit](/sites/default/files/styles/4_3_small/public/2022/03/21/Vendor%20Security%20Audit%2C%20Sized.jpg.webp?itok=31UMcGaI)
A vendor security audit can reduce third-party risk. Learn how you can mature your assessment process while saving time and resources.
![Common Ransomware Attack Vectors](/sites/default/files/styles/4_3_small/public/2022/01/31/Ransomware%20Attack%20Vectors%2C%20Sized.jpg.webp?itok=a5x42Rkm)
Over 70% of executives are bullish about their organization’s ransomware resilience. Here’s how security leaders can temper that overconfidence.
![New BitSight Features for Security Performance Management SPM](/sites/default/files/styles/4_3_small/public/2022/02/28/New%20BitSight%20Features%20for%20SPM%20SIZED.png.webp?itok=h8kBvfpy)
New features in Bitsight's Security Performance Management (SPM) solution help you quickly get better insight into your attack surface so you can reduce the risk of data breaches, ransomware, and cyber attacks.
![UK cyber resilience cyber security strategy webpage](/sites/default/files/styles/4_3_small/public/2022/02/28/UK%20Cyber%20Resilience%2C%20Sized.jpg.webp?itok=EZJ1xllP)
The UK Cyber Resilience 2022 strategy is a remarkable blueprint for any organization looking to improve cyber resilience. What lessons can be learned?
![Global supply chain risk](/sites/default/files/styles/4_3_small/public/2022/02/24/shutterstock_507719209.jpg.webp?itok=wZTdR-DH)
The situation between Russia and Ukraine has been escalating since the start of January, when Russia stationed more than 100,000 troops along the Ukrainian border. Although cyber security is not the primary concern in the current situation, there is a cyber security component that absolutely should not be overlooked.
We believe a war in the region would have a direct impact on the cyber threat landscape. Both Poland and Lithuania have recently raised their countries' alert level, just hours after Ukraine reported its defense ministry and two banks had been hacked. In the US, CISA has issued a recommendation for all organizations, regardless of size, to adopt a heightened posture when it comes to cybersecurity. Meanwhile, Russia launched a full-scale attack on Ukrainian territory, which is still developing, and its full reach remains to be seen.
![global digital perimeter](/sites/default/files/styles/4_3_small/public/2022/02/23/shutterstock_1643121439.jpg.webp?itok=2h-byzWy)
As cyber attacks evolve and your attack surface increases, learn how you can protect your digital perimeter.
![Port of LA, shipping container in the port](/sites/default/files/styles/4_3_small/public/2022/06/17/Port%20of%20LA%20Cyber%20Resilience%20Center%20Sized-min.jpg.webp?itok=IoNUJp8A)
Disrupting the flow of goods and services is a keen priority for threat actors, and critical infrastructure has long been a favored target. In 2021, the Colonial Pipeline ransomware attack had a devastating impact on the economy when Russia-based hackers halted fuel movement along the critical U.S. Gulf and East Coast pipeline.
But this and other attacks may only be the beginning of an alarming ransomware trend aimed at U.S. critical infrastructure. Ransomware-as-a-service tools make ransomware easy to execute, making it the dominant cyber threat to enterprises in 2022. Indeed, the FBI recently warned that hackers have already developed ransomware code designed to disrupt critical infrastructure or industrial processes.