Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Properly managing third party risk and preventing damaging outcomes that result from gaps in your vendor ecosystem can be difficult and costly. With the recent SolarWinds data breach wreaking havoc on thousands of organizations globally, including many fortune 500 companies and organizations within the government sector, the need for efficiency when managing third party risk has never been more top of mind.
In light of the cyber attack targeting SolarWinds, security and risk professionals are working to identify instances of the Orion software within their organization -- including their broader partner ecosystem -- and reduce their exposure. How responsive have organizations been to the SolarWinds hack?
The cyber attack targeting SolarWinds, a provider of network and system monitoring software, is shaping up to be one of the most significant attacks against a critical supply chain partner, with significant implications for national security. Similar to NotPetya, the attackers compromised a software provider in order to gain access to the trusted update channel. Any organization using specific versions of the SolarWinds Orion Network Configuration Manager (SolarWinds Orion) product is presumed to be at risk.
Effective communication between different members of your team can make all the difference when it comes to maintaining your desired security posture and preventing massive cyber incidents. Reports can play a critical role in these communications, serving as the central mechanism through which to align on the most significant issues and make more confident, data-driven decisions.
In today’s “new normal” operating environment, you’re contending with a growing attack surface, limited resources, and an increasingly remote workforce — all at once. Given these conditions, it’s more important than ever to have a solid security performance management program in place.
Boards are increasingly looking at cybersecurity as a crucial part of the business. The problem is, the board doesn’t always know what to look for or how cybersecurity impacts the business. What the board really wants to hear in the next report is how you’re generating results for the organization and how those results are creating ROI on the spend. Here are a few cybersecurity questions and a few metrics that the board really wants to hear about in the next report.
New vulnerabilities emerge daily... but not every vulnerability is being actively exploited by nation state actors. Zerologon (CVE-2020-1472) is one such vulnerability. Zerologon was recently identified by the National Security Agency (NSA) as one of 25 vulnerabilities actively being exploited by Chinese state-sponsored actors.
Check out this Q&A with a US-based member of Bitsight's Customer Success team to learn about her role as an Bitsight Advisor & Customer Success Manager, her experience, and more.
In a highly unusual move, the National Security Agency released research on October 20, 2020, highlighting 25 common vulnerabilities that are being actively exploited by Chinese state-sponsored actors. The NSA issued the alert in order to help companies prioritize vulnerability management. Most of the NSA vulnerabilities can be exploited to gain initial access to networks that are directly accessible from the Internet.
The majority of us have been through phishing training for our jobs, where the simplified best-practices for all employees are laid out. These usually include reporting to IT when you receive emails from suspicious accounts, those that contain links without a description or subject lines that don’t make sense, or content you’re not familiar with or normally asked for, among other questionable communication.
The majority of us have been through phishing training for our jobs, where the simplified best-practices for all employees are laid out. These usually include reporting to IT when you receive emails from suspicious accounts, those that contain links without a description or subject lines that don’t make sense, or content you’re not familiar with or normally asked for, among other questionable communication.
Check out this Q&A with a London-based member of Bitsight's Customer Success team to learn about her role as an Customer Success Manager, her experience, and more.
Check out this Q&A with a Lisbon-based member of Bitsight's Customer Success team to learn about her role as an EMEA Customer Success Manager, her experience, and more.
Over the weekend of September 26th, major healthcare provider Universal Health Services experienced a ransomware attack resulting in widespread computer systems failures. Without access to their digital databases, doctors and nurses were forced to resort to pen and paper notes, postpone medical treatment, and work through gaps in medical history for patients needing care; all during an already high-pressure time for health care workers fighting the global COVID-19 pandemic.
Check out this Q&A with a US-based member of Bitsight's Customer Success team to learn about her role as a Customer Success Manager, her experience, and more.