Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Easy Security Wins: How Patching and Software Updates Impact Your Cybersecurity](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_761462383_1.jpg.webp?itok=t2sv58gF)
As companies continue to try and manage the massive changes to work driven by COVID-19, security teams have faced immense pressure to rise to the challenge and keep companies secure. In the face of the large scale shift to work from home, expansion of the vendor ecosystem and digital attack surface, and disruptions to operations, it’s vital that security teams focus their efforts on areas of risk concentration.
![Enhance Vulnerability Mitigation With Security Performance Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_546191650_1.jpg.webp?itok=UtrMRyeZ)
Did you know that 60% of breaches involve vulnerabilities for which a patch was available but not applied? Now, as business-targeted cyber attacks are on the rise, the ability to mitigate security vulnerabilities quickly and effectively is more important than ever. With malicious actors constantly on the hunt to discover any weaknesses within your infrastructure, it’s critical that you have the tools and insights you need to identify and defend against all possible exploits.
![Best Practices for Managing Third-party Risk in the Energy Sector](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1521170573_1.jpg.webp?itok=JTvTJ1LU)
Back in May this year, President Trump issued an executive order banning US energy sector entities from acquiring electric equipment from foreign adversaries, citing potential cybersecurity threats.
![How To Mature Your Vendor Risk Management Program](/sites/default/files/styles/4_3_small/public/migration/images/Vendor%2520maturity%2520model%2520intro%2520blog%2520picture_1.jpg.webp?itok=i8WN4BaR)
There are layers of uncertainty plaguing security professionals when it comes to the time, money, and energy they spend focusing on their third-party risk management systems. Without the proper tools and analysis, it is hard to know if your program is effective.
![BitSight Data Highlights Vaccine Developer Vulnerabilities](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1673968429_1.jpg.webp?itok=1bsevYza)
As the biomedical community rushes to develop vaccines to combat COVID-19, malicious actors are seeking to steal the sensitive intellectual property that underpins treatment.
![Take Your Threat Intelligence Insights to the Next Level](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_652587526_1.jpg.webp?itok=T3A-I9wW)
As your attack surface grows and the threat environment becomes increasingly complex, it’s more important than ever to take a risk-based approach to cybersecurity. By doing so, you can focus your limited resources on the areas that have the biggest impact on your security performance — empowering you to save time and money.
![How Security Performance Management Fits Into Your Tech Stack](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1381797128_1.jpg.webp?itok=VjLn9ZXX)
In our ever-evolving, dynamic cybersecurity landscape, new vulnerabilities are being exploited daily and potential threats can escalate very quickly. Expectations and standards of care are constantly in flux — and what constituted “adequate” security yesterday may not be enough today. As the attack surface continues to grow, it’s more important than ever that you can quickly identify and remediate cybersecurity gaps that exist within your infrastructure.
![Why Cyber Risk Prioritization is Essential to a Solid TPRM Program](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_458151352_1.jpg.webp?itok=IMJ7zz4j)
Today’s businesses can’t succeed on their own, which is why they turn to third parties to grow and stay competitive. However, these partnerships can introduce unwanted cyber risk.
![Protecting Sensitive Data: 4 Things To Keep In Mind](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_382458778_1.jpg.webp?itok=p4SUQiuE)
Given the recent security breaches and reported hacking attempts, it is increasingly important for companies to have a handle on their most sensitive data. Sensitive data can include employees’ personal information, customer information, trade secrets, and other types of data that would cause internal breaches to company information if obtained by a hacker. To identify your organization’s sensitive data points, refer to our recent article highlighting 5 examples of sensitive data.
![How Continuous Monitoring Revolutionizes Third-Party Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1499306735_1.jpg.webp?itok=yqaWCBap)
If you’re running a third-party risk management program, you’re probably no stranger to pressure. Between business owners demanding vendors be onboarded ever faster and the ever-present threat of a data breach, there is a lot to worry about. One of the biggest concerns in today’s security environment is the constantly evolving threat of a breach, especially with vendors.
![Secure Remote Work: New Threats Require a Shift in Policy and Training](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_431935282_1.jpg.webp?itok=kpxfqnAC)
Working from home introduces significant cyber risk to any organization. However, recent events reveal that it’s not a case of “if” but “when” bad actors will exploit the rampant vulnerabilities on home networks.
![Russian Hackers Validate BitSight WFH Data](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_625624946_1.jpg.webp?itok=vndU-9tP)
This week the New York Times released a report warning that a group of Russian hackers going by the name “Evil Corp” has been attempting to exploit the rampant vulnerabilities presented by the US workforce shifting to working from home at remote offices, raising fears that major U.S. brands, news organizations, or even election systems could be disrupted with ransomware attacks. The research, conducted by Symantec, revealed that 31 large U.S. corporations, including Fortune 500 companies and news organizations, have fallen victim to Evil Corp, and those are just the ones we know about.
![How Organizations Can Reduce the Risk of Ripple20 IoT Vulnerabilities](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_229225618_1.jpg.webp?itok=3hPpZl9_)
“Celebrity” vulnerabilities like BlueKeep attract the attention and resources of security teams, often hogging the spotlight, allowing other, less visible, but just as dangerous, weaknesses that could be exploited by bad actors to go unnoticed. IoT devices are a perfect case in point.
![Employee Spotlight](/sites/default/files/styles/4_3_small/public/2022/02/18/employee%2520spotlight%2520banner_13.png.webp?itok=WGk1kwQh)
My team and I process and record all of the company’s expenses, so all the money that goes out. For me, my role on the team is more on the corporate card side, so anything that is paid on the company credit cards, I record and process in our system. I started mid-April 2019.
What is your background and how did you get into finance?
Prior to this job, I was actually working in retail at CVS, but my degree was in accounting, so that’s how I went from retail to there. I was actually recommended by Chels
![Lessons Learned From the New Court Ruling on the Capital One Breach](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_230526010_1.jpg.webp?itok=ruU0JiwT)
Last year’s Capital One data breach ranks as one of the largest confirmed breaches ever, exposing the personal data of more than 100 million Capital One customer accounts stored in the cloud.