Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![BitSight Observations Into Hafnium Part Four: Who Is Still Vulnerable?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1651775455_2.jpg.webp?itok=-ESfJPLc)
The unfolding Hafnium attack is the latest in a series of cyber events that are redefining enterprise cyber security. CISOs are starting to recognize that enterprise security now means "me and all my suppliers": first-party and third-party cyber risk together constitute enterprise risk. NotPetya demonstrated that breaching a small accounting firm could cost a company like Merck over $1B in damage.
![Common Cloud Service Providers Are Not Immune To Cyber Attacks](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1722461929_1.jpg.webp?itok=rFgHGEcD)
Oftentimes, security managers fall into the trap of believing that a large or commonly used cloud services organization is safe to have connected to their network. Cloud services providers aren’t immune to bad actors targeting their network, and in reality can expose extremely sensitive information when they are targeted.
![BitSight Observations Into HAFNIUM Attacks, Part Three: Exploitation and Vulnerability Persists](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_517900255_1.jpg.webp?itok=8PxFIUOH)
Organizations around the globe continue to address the fallout from the Microsoft Exchange Server zero-day attacks. It was recently announced that attackers may now be using the web shells (backdoors) planted through the Exchange vulnerabilities to drop ransomware onto vulnerable systems. Organizations urgently need to patch their Exchange servers, and also to remove any web shells already installed, since patching alone does not close a backdoor that is already in place.
![BitSight Observations Into HAFNIUM Attacks, Part Two](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1349504000_2.jpg.webp?itok=GaoLmSBD)
Microsoft Exchange is critical business software used by organizations around the world for email; sensitive data and communications are stored and transacted on the platform daily. In an unusual situation, threat actors have performed mass exploitation of zero-day vulnerabilities in Microsoft Exchange.
![Should Security Ratings Require Independent Verification?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_620211089_2.jpg.webp?itok=K0bAEtQF)
As a recent Forrester report highlighted, there are many cybersecurity ratings available. Security ratings have a valuable place in your overall cyber risk mitigation strategy, for many reasons.
![BitSight Observations Into the HAFNIUM Attacks: Part One](/sites/default/files/styles/4_3_small/public/migration/images/Screen%2520Shot%25202021-03-09%2520at%252012.11.30%2520PM-1_1.png.webp?itok=XDgvDBEd)
On March 2, Microsoft announced that it had detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. According to Microsoft, in the attacks observed, threat actors used these vulnerabilities to access on-premises Exchange servers, which gave them access to email accounts, and then installed additional malware to facilitate long-term access to victim environments.
![BitSight Is A Partner for Cybersecurity In Law Enforcement](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_657163924_1.jpg.webp?itok=jba_5rYp)
You can tell a lot about someone by the company they keep, and the same goes for your security ratings partner. All security ratings are not created equal.
![How To Prevent Organizational Data Leaks In 2021](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_243468685_1.jpg.webp?itok=MgvK4om6)
It’s every security manager's worst nightmare: a member of the IT department reaches out to report that malicious software has been detected on an internal network, and the attacker potentially has access to layers of sensitive data. In the following days and weeks of remediation, locating the access point, and reinforcing cybersecurity measures, security managers often ask themselves, “could this data leak have been prevented?”
![Three Things You Should Ask Your Security Ratings Partner](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1820093804_1.jpg.webp?itok=kpOlHghv)
Bitsight was recently named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q1 2021. As the creator and largest vendor by market presence in the category, we were honored to be recognized and to be the only vendor recognized for having differentiated product roadmap and go-to-market strategy.
![The Three T’s Behind Successful Enterprise Risk Management: Team, Technique, and Tools](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_796560889_1.jpg.webp?itok=XMbHsh5k)
Despite the best efforts of security and risk leaders, it can be extremely difficult to establish an efficient and effective enterprise risk management plan. As with anything that requires buy-in from the executive level, there have to be defined goals and clear paths the security team will take, so that investments in the program feel worth it.
![How to Measure Cybersecurity Risk Across Your Digital Ecosystem](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_514749169_1.jpg.webp?itok=tC86_yYZ)
Cyber risk is everywhere. As organizations become increasingly interconnected — across business units, geographies, subsidiaries, remote offices, and third-party networks — the digital ecosystem is expanding rapidly. And this increased attack surface introduces a variety of new and evolving vulnerabilities.
![How CISOs Can Use Authority To Strengthen Supply Chain Cyber Security](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_771480601_1.jpg.webp?itok=h_cwnsKs)
The SolarWinds supply chain attack did more than just create cybersecurity problems for businesses and government agencies – it has had a strong impact on the mindset of CISOs. Already under stress, the incident further dispirited many CISOs who continually face escalating cyber threats. The SolarWinds hack was the latest – and biggest – shot across the bow.
![4 Must-have Best Practices for Better Vendor Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1421446100_1.jpg.webp?itok=_ZCHFpoo)
Vendor risk management is top of everyone’s mind in light of the recent SolarWinds supply chain attack and concerns around weak points in the COVID-19 vaccination supply chains. Both exemplify the need for organizations of all types to take steps to fortify their vendor risk management processes.
![The BitSight Team Answers Your Questions About The SolarWinds Hack](/sites/default/files/styles/4_3_small/public/migration/images/SolarWinds_BitSightAnswersQuestions_BlogPost_1.png.webp?itok=MkFhbGeg)
The SolarWinds hack, discovered in late 2020 when FireEye announced it had been targeted through a third party vulnerability, has now become one of the most widespread and impactful supply chain attacks in history.