Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Common Cybersecurity Vulnerabilities and Exposures to Pay Attention to in 2021](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1094704532_1.jpg.webp?itok=D0HA3CrI)
The SolarWinds supply chain attack discovered in late 2020 was a wake-up call for security managers across all industries. The hack is shaping up to be one of the most impactful attacks against a critical supply chain partner in history.
![Ransomware Emerges as Most Destructive Cybersecurity Trend of 2020](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_667910359_1.jpg.webp?itok=PujeePlP)
As if the COVID-19 pandemic wasn’t bad enough, the unpredictable events of 2020 created the perfect storm for a huge escalation in ransomware attacks.
![The Big Data Breaches of 2020: What Happened and What Did We Learn?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_218372422_1.jpg.webp?itok=hSp_Bj_y)
Not to be forgotten during the chaos that was 2020 were the massive cybersecurity breaches that directly impacted some of the country’s largest businesses and their customers. Let’s take a closer look at four of the big data breaches of 2020 — and what we can learn from these incidents to avoid a repeat of similar events in 2021.
![The Financial Impact of SolarWinds Breach](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_755847970_2.jpg.webp?itok=7n3eVAke)
The SolarWinds breach is already one of the most significant cybersecurity incidents ever. And as with any unprecedented cyber event, this will have long-term effects on the way businesses and government consider their security programs. While many questions remain unanswered, the SolarWinds impact on the insurance sector has become clearer after an analysis we’ve completed with one of our partners. So, what should we expect the financial impact of SolarWinds on cyber insurers? And how can cyber insurers quantify a breach of this scale in the future?
![Is Single Sign-On Secure? SSO Benefits for Remote Work](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1341139622_2.jpg.webp?itok=_x5HUMlj)
Remote work has always introduced unique and evolving cyber risks. In our “new normal” operating environment, where entire workforces have gone remote, IT security teams are facing an unprecedented challenge.
![2021 Cybersecurity Trends: BitSight Predicts the Top 3](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1814356268_1.jpg.webp?itok=XYqpH1va)
2020 was a transformative year that blew all predictions out of the water. As we look ahead to 2021, we will continue to see the repercussions of this year’s events.
![How to Prove Your Organization’s Cybersecurity Investment is Paying Off](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1291014910_1.jpg.webp?itok=MeoXA2sz)
In light of recent widespread breaches and security incidents, such as the cyber attack targeting SolarWinds, security and risk managers are under more pressure than ever to prove that their cybersecurity investments are actually paying off.
![Use the right cybersecurity analytics to make a business case for risk management](/sites/default/files/styles/4_3_small/public/migration/images/Use%2520the%2520right%2520cybersecurity%2520analytics%2520to%2520make%2520a%2520business%2520case%2520for%2520risk%2520management_1.jpg.webp?itok=2PNqWuUF)
Not long ago, corporate executives would give only passing thoughts to their organization’s cybersecurity postures. Leadership and board members would take notice in the wake of a major data breach, for example, or a couple of times a year as a “check the box” exercise to maintain compliance with regulations. Overall, however, cybersecurity analytics didn’t really garner much attention.
![Email Security Best Practices: Using SPF Cybersecurity to Mitigate Malicious Threats](/sites/default/files/styles/4_3_small/public/migration/images/BitSight_SPF_framework_1.png.webp?itok=UglhB2fp)
The threat from malicious email represents one of the greatest risks to IT security. That threat continued unabated in 2020, especially in the wake of the COVID-19 pandemic. Research indicated that in 2020 the number of nefarious emails increased dramatically, reaching about 1.5 million malicious emails per day during one particularly intense three-month period.
![A response to Security Ratings - Love, Loathe or Live With Them](/sites/default/files/styles/4_3_small/public/migration/images/Blue_background_numbers_1.jpg.webp?itok=heBnReDb)
A week ago (which seems like a world ago given everything that’s happened with SolarWinds) Phil Venables -- formerly CISO of Goldman Sachs and now CISO of Google Cloud -- posted an interesting exposé on security ratings. Phil has a better perspective than most on the value and challenges of ratings, not only because of the positions that he’s held but also because he is one of the authors of the Principles of Fair and Accurate Security Ratings. These principles also guide how Bitsight thinks about our rating overall.
![Best Practices For Managing Third Party Risk](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1698716524_1.jpg.webp?itok=E4rm62DO)
Properly managing third party risk and preventing damaging outcomes that result from gaps in your vendor ecosystem can be difficult and costly. With the recent SolarWinds data breach wreaking havoc on thousands of organizations globally, including many Fortune 500 companies and organizations within the government sector, the need for efficiency when managing third party risk has never been more top of mind.
![BITSIGHT ANALYSIS OF SOLARWINDS ORION — PART 2: DECLINING PREVALENCE](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1705312225_1.jpg.webp?itok=iupwgerZ)
In light of the cyber attack targeting SolarWinds, security and risk professionals are working to identify instances of the Orion software within their organization -- including their broader partner ecosystem -- and reduce their exposure. How responsive have organizations been to the SolarWinds hack?
![BitSight Analysis of SolarWinds Orion Breach — Part 1: Prevalence](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1007122360_1.jpg.webp?itok=nMNGvoTV)
The cyber attack targeting SolarWinds, a provider of network and system monitoring software, is shaping up to be one of the most significant attacks against a critical supply chain partner, with significant implications for national security. Similar to NotPetya, the attackers compromised a software provider in order to gain access to the trusted update channel. Any organization using specific versions of the SolarWinds Orion Network Configuration Manager (SolarWinds Orion) product is presumed to be at risk.
![What Does Risk-Based Cybersecurity Reporting Look Like?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1648407448_1.jpg.webp?itok=RKxpWUXk)
Effective communication between different members of your team can make all the difference when it comes to maintaining your desired security posture and preventing massive cyber incidents. Reports can play a critical role in these communications, serving as the central mechanism through which to align on the most significant issues and make more confident, data-driven decisions.