Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Cloud Security Risk: How to Address Common Threats with Continuous Monitoring](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1733556281.jpg.webp?itok=UYm0vD-j)
Spurred by the pandemic and a need for greater collaboration and business efficiency, cloud adoption is soaring. According to the Flexera 2021 State of the Cloud Report, spending on cloud services this year is predicted to be higher than ever.
![The Impact of Flawed Pseudorandom Number Generators in Network Devices](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_137627519.jpg.webp?itok=l8OYsxyP)
To gauge the impact of flawed pseudorandom number generators in network devices, Bitsight scanned the public Internet for RSA public keys and was able to factor the public modulus and recover the private keys for 41,225 network devices. Bitsight has also found that the prevalence of such vulnerable devices on the Internet has been declining in recent years; however, many still pose a risk to organizations that lack security controls to prevent the inadvertent exposure of unmanaged network assets to the public Internet.
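The post summary above does not say how the moduli were factored. For keys produced by devices with too little boot-time entropy, the standard technique is not to factor any single modulus but to look for a prime factor shared between two different devices' keys, which a GCD reveals instantly. The Python below is an added example, not Bitsight's scanning code: it models a constructed fleet whose PRNG can only be in four states when the first prime is drawn, runs a pairwise GCD over the collected public moduli, and recovers and verifies the private exponent for every key that shares a prime. Key size (256-bit primes), device IDs, and the PRNG model are all constructed for illustration; a real scan would extract the modulus from each TLS certificate or SSH host key and use Bernstein's batch GCD rather than the O(n^2) pairwise loop.

```python
import math
import random

E = 65537  # common RSA public exponent


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test (sufficient for a demo)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Draw a prime of the given size from rng, rejecting primes where
    E divides p-1 so the private exponent always exists."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand) and (cand - 1) % E != 0:
            return cand


def generate_device_key(device_id, bits=256):
    """Constructed model of a flawed device PRNG: p is drawn right after boot
    from an entropy pool that can only be in 4 states, so many devices share p;
    q is drawn later, after device-unique entropy has been mixed in."""
    boot_rng = random.Random(device_id % 4)           # the flaw: 4 possible seeds
    p = random_prime(bits, boot_rng)
    later_rng = random.Random(1_000_000 + device_id)  # unique per device
    q = random_prime(bits, later_rng)
    return p * q


def find_shared_factors(moduli):
    """Pairwise GCD across all public moduli. Returns {n: (p, q)} for every
    modulus that shares exactly one prime with another modulus. Identical
    moduli (gcd == n) are skipped: a duplicated key is a finding in itself,
    but GCD alone cannot factor it."""
    factored = {}
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            g = math.gcd(moduli[i], moduli[j])
            if 1 < g < moduli[i]:
                for n in (moduli[i], moduli[j]):
                    p, q = g, n // g
                    factored[n] = (min(p, q), max(p, q))
    return factored


def recover_private_exponent(n, p, q, e=E):
    """d = e^-1 mod phi(n); once p and q are known the private key follows."""
    assert p * q == n
    return pow(e, -1, (p - 1) * (q - 1))


def demo(num_devices=12, bits=256):
    """Simulate a scan of num_devices hosts and return
    (keys_seen, keys_factored, all_recovered_keys_verified)."""
    moduli = [generate_device_key(i, bits) for i in range(num_devices)]
    factored = find_shared_factors(moduli)
    verified = []
    for n, (p, q) in factored.items():
        d = recover_private_exponent(n, p, q)
        m = 0xC0FFEE                                   # constructed test message
        verified.append(pow(pow(m, d, n), E, n) == m)  # sign, then verify
    return len(moduli), len(factored), all(verified)


if __name__ == "__main__":
    seen, broken, ok = demo()
    print(f"moduli scanned: {seen}, factored via shared primes: {broken}, "
          f"private keys verified: {ok}")
```

With twelve simulated devices and only four possible boot seeds, every key shares its p with two others and all twelve are factored; with four devices (one per seed) nothing is shared and the GCD sweep finds nothing, which is the important caveat: a weak PRNG is only detectable this way when the collision actually shows up in the collected population, so the scan must be broad.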
![Cybersecurity Protection in the Wake of a Rough Six Months – Industry Experts Weigh In](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1506802568_2.jpg.webp?itok=4VwOIt0q)
In the six months since the SolarWinds supply chain attack was disclosed, breach activity has only increased, and the bad actors aren’t letting up. This means that cybersecurity protection is more critical than ever.
![Maximize Your Cybersecurity ROI With Financial Quantification](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1253334823_0.jpg.webp?itok=I7Clggcx)
According to a Cybersecurity Ventures report, global cybercrime costs are expected to grow by 15% per year over the next five years — reaching $10.5 trillion USD annually by 2025. In light of this evolving threat environment and recent widespread security events, today’s cybersecurity leaders are under more pressure than ever to prove that their investments in their programs are actually paying off.
![Colonial Pipeline is Not Alone: Ransomware Risk in the U.S. Oil/Energy Sector](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_115189144_1.jpg.webp?itok=CT0hu-R6)
After last week’s catastrophic cyber incident targeting Colonial Pipeline, could more U.S. Oil and Energy companies be at risk of a ransomware attack?
![What’s Most Notable in Biden’s Cybersecurity Executive Order?](/sites/default/files/styles/4_3_small/public/migration/images/Digital%2520American%2520Flag_1.png.webp?itok=g9t4_ERi)
In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 12, 2021.
Overall, the EO starts to fill in some critical gaps in US government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but will also have significant impact on private sector service providers (e.g. software providers) who will now be required to meet new security requirements in order to do business with the U.S. government.
![BitSight Integrates With ServiceNow to Reduce Risk Throughout Vendor Management Programs](/sites/default/files/styles/4_3_small/public/migration/images/1200x628-1b%2520%25281%2529_1.png.webp?itok=-g8xkwpk)
Organizations rely on third parties to stay competitive in the marketplace. The EY global third-party risk management survey highlights that in 2019–20, over 33% of the 246 global companies surveyed were managing and monitoring third-party risk for more than 1,000 vendors. As more vendors are onboarded into company networks, managing cybersecurity threats becomes a greater challenge, but also a necessity.
![Your Attack Surface is Growing, Your Security Risk Assessments Should Evolve Too](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1690026925_1.jpg.webp?itok=LP-j512S)
Security risk assessments are an important tool in your organization’s arsenal against cyber threats. They shine a spotlight on areas of risk in your digital ecosystem, inform and prioritize mitigation strategies, and ensure hard-earned resources are allocated where they’re needed most. Assessments can also help you evaluate your third parties to mitigate the very real possibility that they’ll introduce unwanted risk into your organization.
![What is Security Orchestration, Automation and Response (SOAR)?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_540164146_1.jpg.webp?itok=F6wQ0UZ-)
A couple of years ago, industry research firm Gartner introduced a new acronym—SOAR—into the cybersecurity nomenclature. SOAR stands for “security orchestration, automation, and response.” It’s not an individual tool, or even a set of tools. Gartner uses the term for a class of platforms that combine alert collection, playbook-driven orchestration, automated actions, and case management so that security teams can respond to incidents consistently and quickly. Adopted alongside control frameworks such as ISO 27001 or regulations such as GDPR and FISMA, SOAR becomes a practical way to turn a risk mitigation strategy into repeatable operations.
![Celebrating 10 Years of BitSight: A Co-Founder Looks Back](/sites/default/files/styles/4_3_small/public/migration/images/bitsight%252010th%2520anniversary%2520banner4-1-1_1.png.webp?itok=AQMq1KiJ)
It’s hard to believe, but Bitsight is celebrating our 10-year anniversary this week! I co-founded Bitsight in 2011 with my friend and grad school classmate, Nagarjuna Venna. When I think back on our original idea of creating a global cybersecurity ratings system, I’m surprised that our original thesis and vision still holds true today. It’s been an incredible journey filled with twists and turns, and I wanted to share some thoughts about where we’ve been and where we’re headed in the next decade.
![Optimize Your Cybersecurity Program With Financial Quantification](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1933009952_1.jpg.webp?itok=tAd7b-le)
Now more than ever before, it’s critical to build a strategic security performance management program in which you take a risk-based, outcome-driven approach to measuring, monitoring, managing, and reporting on your organization’s cybersecurity program performance over time. Of course, in order to do so, you need an easily understandable framework through which you can conduct a cyber risk analysis and lead meaningful conversations on the business impact of your organization’s risk exposure.
![4 Best Practices for Attack Surface Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_613167605_1.jpg.webp?itok=2WiePjlt)
Accelerated by the pandemic, digital ecosystems are expanding. New ways of working remotely, and the rapid adoption of cloud technologies have increased the number of digital touch-points that employees interact with. Unfortunately this expanded attack surface creates new points of exposure that make it difficult for security leaders to pinpoint where cyber risk exists, or when a risk is worth concern.
![Three Ways To Improve Your Cyber Risk Monitoring Tools](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1182594889_1.jpg.webp?itok=jmebBYdU)
Whether your organization is just beginning to develop your security performance management systems, or you already have a mature and established program in place, there is always room to innovate and improve the cyber risk monitoring tools you use.
![Top 3 Most Common Cybersecurity Models Explained](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1624789885_2.jpg.webp?itok=Iec-g2ip)
Security risk managers often face many of the same roadblocks, even when they manage programs of different sizes or in different industries. Basing security practices on well-known, and in some cases government-mandated, cybersecurity models helps mature your program and overcome process inefficiencies.
![Elevate Cyber Risk to Business Risk With Financial Quantification](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1083923609%2520%25281%2529_1.jpg.webp?itok=M3F6q0aj)
There’s no question about it: Being exposed to cyber risk is an inevitable part of doing business in today’s world. In fact, a recent ESG study found that 82% of organizations believe that cyber risk has increased over the past two years.