Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![3 Steps to Building an Effective Cyber Risk Strategy](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1088986847_1.jpg.webp?itok=bUbqzj96)
In today’s “new normal” operating environment, you’re contending with a growing attack surface, limited resources, and an increasingly remote workforce — all at once. Given these conditions, it’s more important than ever to have a solid security performance management program in place.
![What Cybersecurity Questions Your Report Should Answer | BitSight](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_734785402_2.jpg.webp?itok=JYUjrQP0)
Boards are increasingly looking at cybersecurity as a crucial part of the business. The problem is, the board doesn’t always know what to look for or how cybersecurity impacts the business. What the board really wants to hear in the next report is how you’re generating results for the organization and how those results are creating ROI on the spend. Here are a few cybersecurity questions and a few metrics that the board really wants to hear about in the next report.
![Zerologon: BitSight Observations on a Dangerous Vulnerability](/sites/default/files/styles/4_3_small/public/migration/images/zerologon%2520blog%2520post%2520image_1.jpg.webp?itok=oN0mvHvD)
New vulnerabilities emerge daily... but not every vulnerability is being actively exploited by nation state actors. Zerologon (CVE-2020-1472) is one such vulnerability. Zerologon was recently identified by the National Security Agency (NSA) as one of 25 vulnerabilities actively being exploited by Chinese state-sponsored actors.
![Meet Our Customer Success Team: André Mártires Agostinho](/sites/default/files/styles/4_3_small/public/migration/images/Customer-Success-Blog-Full_46.png.webp?itok=8mryN1Um)
Check out this Q&A with a US-based member of Bitsight's Customer Success team to learn about her role as a Bitsight Advisor & Customer Success Manager, her experience, and more.
![BitSight’s View into the NSA’s Top Vulnerabilities](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1613354131_2.jpg.webp?itok=ZxiVnhdn)
In a highly unusual move, the National Security Agency released research on October 20, 2020, highlighting 25 common vulnerabilities that are being actively exploited by Chinese state-sponsored actors. The NSA issued the alert in order to help companies prioritize vulnerability management. Most of the NSA vulnerabilities can be exploited to gain initial access to networks that are directly accessible from the Internet.
![Worm Phishing Campaign Success On The Rise](/sites/default/files/styles/4_3_small/public/migration/images/Worm%2520phishing%2520campaign%2520blog%2520post%2520image_2.jpg.webp?itok=Wtgfczs5)
The majority of us have been through phishing training for our jobs, where the simplified best-practices for all employees are laid out. These usually include reporting to IT when you receive emails from suspicious accounts, those that contain links without a description or subject lines that don’t make sense, or content you’re not familiar with or normally asked for, among other questionable communication.
![Meet Our Customer Success Team: André Mártires Agostinho](/sites/default/files/styles/4_3_small/public/migration/images/Customer-Success-Blog-Full_46.png.webp?itok=8mryN1Um)
Check out this Q&A with a London-based member of Bitsight's Customer Success team to learn about her role as a Customer Success Manager, her experience, and more.
![Meet Our Customer Success Team: André Mártires Agostinho](/sites/default/files/styles/4_3_small/public/migration/images/Customer-Success-Blog-Full_46.png.webp?itok=8mryN1Um)
Check out this Q&A with a Lisbon-based member of Bitsight's Customer Success team to learn about her role as an EMEA Customer Success Manager, her experience, and more.
![How Universal Health Services Could Have Avoided A Ransomware Attack](/sites/default/files/styles/4_3_small/public/migration/images/UHS%2520ransomware%2520blog%2520post%2520image_1.jpg.webp?itok=e3IphnEc)
Over the weekend of September 26th, major healthcare provider Universal Health Services experienced a ransomware attack resulting in widespread computer systems failures. Without access to their digital databases, doctors and nurses were forced to resort to pen and paper notes, postpone medical treatment, and work through gaps in medical history for patients needing care; all during an already high-pressure time for health care workers fighting the global COVID-19 pandemic.
![Meet Our Customer Success Team: André Mártires Agostinho](/sites/default/files/styles/4_3_small/public/migration/images/Customer-Success-Blog-Full_46.png.webp?itok=8mryN1Um)
Check out this Q&A with a US-based member of Bitsight's Customer Success team to learn about her role as a Customer Success Manager, her experience, and more.
![Meet Our Customer Success Team: André Mártires Agostinho](/sites/default/files/styles/4_3_small/public/migration/images/Customer-Success-Blog-Full_46.png.webp?itok=8mryN1Um)
Check out this Q&A with a Lisbon-based member of Bitsight's Customer Success team to learn about his role as a Senior Customer Success Manager, his experience, and more.
![Can Your Vendor Assessments Be More Efficient?](/sites/default/files/styles/4_3_small/public/migration/images/VendorAssessment_BlogImage_1.jpg.webp?itok=ggSZ3Bcp)
If you’re using a “one-size-fits-all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t end in the onboarding stage: using a continuous vendor monitoring approach will help you better manage the third parties you worked so hard to onboard.
![How to Make More Informed, Data-Driven Security Decisions](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_302638517_1.jpg.webp?itok=OlxxqZoo)
Data can be the key to making more informed, strategic cybersecurity decisions — and ensuring you’re spending your security dollars effectively. In order to get the most out of your increasingly limited security resources and meet or surpass industry benchmarks, you need visibility into the relative performance of your security program — and insight into the cyber risk present across your ecosystem.
![NIST Cybersecurity Framework Now Includes Guidance For Federal Agencies](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--192553642_1.jpg.webp?itok=_6kSxsMd)
Recently, the National Institute of Standards & Technology (NIST) released a guide for federal agencies to apply the NIST Cybersecurity Framework to government affairs. This comes during a time of heightened attention on the government’s cybersecurity efforts leading up to the election.