Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Enhance Vulnerability Mitigation With Security Performance Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_546191650_1.jpg.webp?itok=UtrMRyeZ)
From the start, it was clear that the Log4j vulnerability, also referred to as Log4Shell, would be widespread and present major challenges for organizations. But why is addressing Log4j so challenging?
![Cyber intrusion, hacker looking at your network](/sites/default/files/styles/4_3_small/public/2022/02/07/Cyber%20Intrusion%2C%20Sized.jpg.webp?itok=_H7TnpQw)
Learn how to reduce the threat of cyber intrusion with a detection and prevention approach grounded in continuous monitoring.
![count_ip vs country](/sites/default/files/styles/4_3_small/public/2022/02/04/count_ip%20vs.%20country.png.webp?itok=Zs9j0V9Y)
Bitsight has been collecting FluBot infection telemetry data since March 2021. In total, we have identified 1.3 million IPs used by infected Android devices. Of them, over half (61%) are in Germany and Spain. Additionally, we are tracking an increase in IPs over time, which likely indicates an increase in infected devices.
![third party ransomware](/sites/default/files/styles/4_3_small/public/2022/02/01/shutterstock_1724155270.jpg.webp?itok=lVLHNvSn)
Learn what the disturbing ransomware trends mean for your organization and third-party vendors.
![Cybersecurity in banking, showing people using contactless banking](/sites/default/files/styles/4_3_small/public/2022/01/24/3%20Cybersecurity%20Banking%20Trends%202022%2C%20Sized.jpg.webp?itok=h3nTzMiz)
Rapidly evolving risk and the digitization of banking are creating new threats. Here are three cybersecurity-in-banking trends to watch this year.
![Mobile Application Risk Report Cover 2021](/sites/default/files/styles/4_3_small/public/2022/01/20/Mobile%20Application%20Risk%20Report%20Cover.png.webp?itok=z3scQxPf)
As internet use continues moving toward a mobile-centric experience, it has become essential to consider mobile applications when crafting a security strategy. Bitsight’s latest research demonstrates exactly why. We are excited to announce that Bitsight Insights: Mobile Application Risk Report is available now.
![Drawn image of sharing files between different vendors](/sites/default/files/styles/4_3_small/public/2022/01/10/Dos%20and%20Donts%20of%20Data%20Sharing%2C%20sized.jpg.webp?itok=bASZyxUT)
Learn how to protect your organization’s “crown jewels” with these do’s and don’ts of sensitive data sharing with vendors.
![Information risk management](/sites/default/files/styles/4_3_small/public/2022/01/10/Information%20Risk%20Management%2C%20sized.jpg.webp?itok=sdCY7OM4)
What is information risk management? Learn more about how the classic equation of threat × vulnerability × consequence helps inform your cybersecurity risk management strategy.
![Dora blog image 2](/sites/default/files/styles/4_3_small/public/2022/01/05/DORA%20blog%20image%202.png.webp?itok=r7P-SwY2)
The Digital Operational Resilience Act is set to take effect in early 2022. Learn how Bitsight can help your organization meet the compliance requirements.
![mitigate risk](/sites/default/files/styles/4_3_small/public/2021/12/29/shutterstock_1924087544.jpg.webp?itok=X0KojRun)
Cyber risk mitigation and remediation are often talked about in the same terms. But they are different. Learn how you can optimize both.
![Measuring an acceptable level of supply chain risk](/sites/default/files/styles/4_3_small/public/2021/12/23/Inherent%20Cyber%20Risk%2C%20Sized.jpg.webp?itok=Qeb3gWyw)
What does your organization consider an acceptable level of inherent cyber risk in its vendor portfolio? Learn how to establish that threshold and focus resources where they’re needed most.
![Cyber risk data, CISO presenting about cybersecurity and cyber risk to board of directors and c-suite](/sites/default/files/styles/4_3_small/public/2021/12/20/Cyber%20Risk%20Data%20Sized.jpg.webp?itok=24505oTu)
Learn how to use cyber risk data to protect your organization and its financial assets.
![BitSight Research Explores A Risk Frequently Ignored: Critical Updates](/sites/default/files/styles/4_3_small/public/migration/images/Q2-Insights-Report-Blog-Thumb_1.png.webp?itok=kxIYbFPe)
As 2021 comes to a close, we thought it might be a good idea to look back at some of our research from the year. Bitsight investigated a variety of topics including ransomware, vulnerability mitigation, and RSA key generation flaws. We also studied specific vulnerabilities in Microsoft Exchange Server, Apache Server 2.4, and Apache Log4j.
![ransomware as a service](/sites/default/files/styles/4_3_small/public/2021/12/16/shutterstock_684331126.jpg.webp?itok=Lt-llKIs)
Ransomware attacks are on the rise, doubling in the last year alone. But why has ransomware emerged as the weapon of choice for bad actors? The answer comes down to time and money.
Thanks to the proliferation of ransomware-as-a-service (RaaS), ransomware attacks are significantly cheaper to execute and require less skill than other forms of breaches. They are also highly profitable.
![cybersecurity program](/sites/default/files/styles/4_3_small/public/2021/12/13/Cybersecurity%20Program%20Blog%20Drupal%20Sized-min.jpg.webp?itok=9ktdoCjJ)
Cybersecurity is a priority for any organization and a big-ticket budget line item. But before investments in security are made, your organization must understand what it is doing right and where improvements to your cybersecurity program are needed.
Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.