Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Glass Lewis & BitSight](/sites/default/files/styles/4_3_small/public/2021/11/14/glass%20lewis%20bitsight%20social%20image-min2.jpg.webp?itok=YfFD6mup)
Cybersecurity is a critical risk that can materially impact a company’s bottom line. Unfortunately, investors are largely in the dark when it comes to understanding the cybersecurity of the companies in which they invest.
![Poor Patching Cadence Correlated To Healthcare Ransomware Risk](/sites/default/files/styles/4_3_small/public/migration/images/Ransomware%2520Cyber%2520Attacks.jpg.webp?itok=XbDxnzyx)
Recent Bitsight research shows healthcare organizations that display poor patching cadence can be up to 7x more likely to experience ransomware.
![4 Best Practices for Supply Chain Cyber Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1544853236.png.webp?itok=ULRDHYQ7)
Cyber risk management should be a priority for any organization. And while there are many measures your business can take to reduce cybersecurity risk across the enterprise, how do you discover and remediate unknown risks that may be lurking in the networks of third parties?
![What Can Ransomware Do? The Devastating Impacts and How You Can Protect Your Organization](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_641443576.png.webp?itok=ZhFcYCIp)
Ransomware is rapidly becoming the most common form of cyberattack. According to the Verizon 2021 Data Breach Investigations Report, ransomware incidents have doubled year-over-year with headline-grabbing consequences.
As if reflecting this trend, cyber insurance ransomware claims have also risen. Data collected by the University of Cambridge found that, in 2020, ransomware comprised 54% of insurance claims compared to just 13% between 2014 and 2019.
![Fortinet Leak Demonstrates Need For Remote Access System Patching](/sites/default/files/styles/4_3_small/public/migration/images/hacker-1.jpg.webp?itok=njilIVO6)
In early September, a threat actor leaked nearly 500,000 Fortinet VPN login names and passwords that were allegedly scraped from vulnerable devices last summer. The leaked credentials could allow hackers to access an exposed network to perform data exfiltration, install malware, and perform ransomware attacks. Bitsight was able to verify that 98% of the IP addresses in the leaked files were, in fact, running Fortinet VPN servers within the past 12 months.
![The BitSight and Moody's Partnership: A New Era For Cybersecurity](/sites/default/files/styles/4_3_small/public/migration/images/facebook-moodys-image-min_2.jpg.webp?itok=Sg6_IOaw)
Cybersecurity is one of the biggest threats to global commerce in the 21st century.
![4 Critical Success Factors for Effective Security Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_791606470.png.webp?itok=d5lyQ1m2)
With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management is greater than ever. When cyber risk is managed more effectively, you can focus on innovation and driving business growth.
![How Do I Know if I am at Risk for a Ransomware Attack?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1228736578_0.png.webp?itok=JY0MfgIE)
It’s a question more people are asking with each passing day:
![Cybersecurity for Credit Unions: 4 Ways to Reduce the Risk of the Next Attack](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1930752182.png.webp?itok=Mr1e4mxK)
Credit unions must be on high alert for cyberattacks. That’s according to a recent warning issued by the National Credit Union Administration (NCUA), which cautioned the industry about potential avenues of attack, including ransomware and supply chain attacks.
![How to Make a Successful Case for Cybersecurity Funding](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1548797354.png.webp?itok=Jxuqz1Bg)
With cyberattacks on the rise, security investments are more important than ever. Still, the pandemic has forced many organizations to reconsider how they allocate their IT dollars. Between the new work-from-home paradigm and the increasingly global nature of many modern workplaces, CIOs have had to accelerate investments in cloud solutions and remote technology.
![3 Ways CISOs Can Brief Executives and Board Members on Cybersecurity IT Governance](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1031044351.png.webp?itok=XEEozr6l)
Cybersecurity incidents are on the rise, and the monetary setbacks for victims are considerable. The average cost of a data breach in the U.S. has soared to nearly $8.6 million, and these costs are expected to grow by 15% over the next five years.
![What You Need To Know About The Kaseya Ransomware Attack; And Why You Shouldn’t Be Surprised](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_667910359.png.webp?itok=KNzREs4G)
It happened again - another disruptive ransomware attack. On July 2, 2021, Kaseya, a Florida-based software provider that provides Remote Management Monitoring, warned that its software was being abused to deploy ransomware on end customers' systems.
![Taking Data Privacy Further: Prioritizing Privacy and Continuous Improvement](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1432137119.jpg.webp?itok=Sc8zRx9s)
Bitsight, the Standard in Security Ratings, has established itself as not only a clear leader in security ratings but now also in the burgeoning field of data privacy.
In an effort to demonstrate to its customers how seriously it takes protecting their data, and to lead the market to implement more comprehensive data privacy systems and practices, Bitsight is now the proud recipient of TrustArc’s TRUSTe APEC CBPR Enterprise Certification and the TRUSTe APEC PRP Enterprise Certification.
In order to receive this designation, Bitsight completed a demanding certification process based on a comprehensive set of requirements governing data privacy management practices, including the privacy standards set forth in the APEC Cross Border Privacy Rules (CBPR) and the APEC Privacy Recognition for Processors (PRP) Systems. These practices are further detailed in the TRUSTe Enterprise Privacy & Data Governance Practices Assessment Criteria.
![The Digital Operational Resilience Act (DORA) - What you need to know](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_120539965-1_0.jpg.webp?itok=dFZRO61w)
The European Union (EU) will soon launch a new regulation that will require banks and firms in the global financial industry to mature their third-party risk management programs to include set cybersecurity requirements – which will also apply to the critical Information and Communication Technology (ICT) service providers they are working with.
![Nobelium Attack Highlights Risk of Exposed Credentials](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1798108852.jpg.webp?itok=HTEH7uam)
Microsoft recently announced that the threat actor Nobelium continues to target government agencies, think tanks, consultants, and non-government organizations with cyber attacks.