Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![New Windows Vulnerabilities Highlight Patch Management Challenges](/sites/default/files/styles/4_3_small/public/2022/02/18/shutterstock_337846166_1.png.webp?itok=KMky4QwR)
For anyone in IT (and even home computer users), Microsoft’s monthly “Patch Tuesday” is an important part of their cyber hygiene routine. This month’s update proved to be a particularly critical one.
![FFIEC IT Handbook Updates: Business Continuity Is 2020 Focus](/sites/default/files/styles/4_3_small/public/migration/images/FFIEC_IT_Handbook_Updates_Business_Continuity_Is_2020_Focus_1.jpeg.webp?itok=aJm0WC0j)
In November 2019, the Federal Financial Institutions Examination Council (FFIEC) released an update to the Information Technology Examination Handbook (IT Handbook). This handbook is a guide for examiners at its member agencies, which include the FRB, FDIC, NCUA, OCC, and CFPB.
![Windows 7 End of Life: What Organizations Are Using the Now Outdated OS?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_6587947_1.jpg.webp?itok=T4MZZL_P)
This week, Microsoft ended support for the Windows 7 operating system. Among other implications, Microsoft will no longer issue security patches for the nine-year-old OS. Any organization relying on the OS moving forward could be susceptible to a security issue, attack or data breach unless they purchased extended support from Microsoft.
![Employee Spotlight](/sites/default/files/styles/4_3_small/public/2022/02/18/employee%2520spotlight%2520banner_13.png.webp?itok=WGk1kwQh)
I am on the technical research team and I manage the data breach team. We have about five people in Lisbon who record breaches that you see in the news and that we request through the Freedom of Information Act (FOIA). I approve their work, and I send FOIA requests to various attorneys general's offices for the breach notifications that they receive. I do those requests myself, and the team records them into the Bitsight portal.
![Businesses Must Prepare Now for the Growing Cybersecurity Cold War](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_82895713_1.jpg.webp?itok=UrrcWa_4)
Each January, cybersecurity pundits busily fill the airwaves with their predictions for the year ahead. There’s much to think about. However, one trend is particularly troubling for U.S. and European businesses – an intensification of a new cybersecurity “cold war.”
![Tensions with Iran Could Have Cybersecurity Ramifications for U.S. Businesses](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_761940757_1.jpg.webp?itok=gN1C10YT)
Rising tensions in the Middle East in the wake of the killing of General Qasem Soleimani, the head of Iran’s military Quds Force, have U.S. troops on high alert.
![Most Urgent CISO Skills 2020: Reporting, Avoiding Burnout, More](/sites/default/files/styles/4_3_small/public/migration/images/AdobeStock_114644268-min-1_1.jpeg.webp?itok=9eufqWIJ)
Since the creation of the first CISO role about 25 years ago, the job has changed dramatically. What was once an uncommon position has quickly become standard, with the majority of companies including a cybersecurity-specific role in their C-suites.
![Life Under the California Consumer Privacy Act: What It Means for Cybersecurity](/sites/default/files/styles/4_3_small/public/2022/02/18/shutterstock_1353251855_1.png.webp?itok=1jCToicd)
The California Consumer Privacy Act (CCPA) is one of the most sweeping acts of legislation in the U.S. relating to the protection of personal consumer information collected by businesses. But what does CCPA mean for cybersecurity and risk leaders? In this post, we explore the key compliance requirements of the CCPA and what actions businesses need to take from both a data privacy and cybersecurity standpoint.
![New Orleans Suffers Friday the 13th Ransomware Attack](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1050436496_1.jpg.webp?itok=DzFuLQk8)
Friday the 13th of December proved to be a cybersecurity nightmare for the city of New Orleans -- and it’s not over yet. At around 5:00 a.m., “suspicious activity”, including evidence of both ransomware and phishing, was detected on the City’s network. Activity progressed throughout the morning until 11:00 a.m., when a cybersecurity incident was confirmed.
![How to Protect your Organization from the Emerging Deepfake Threat](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1464098960_1.jpg.webp?itok=Yha8x4eM)
Mimicking reality is the latest frontier of cybercrime, and it’s a growing threat. Cyber criminals are increasingly deploying AI and machine learning to fool unsuspecting victims into believing that they’re seeing or hearing something that they’re not -- and pulling off deepfake scams in the process.
![BitSight Predicts the Top 5 Cybersecurity Trends for 2020](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_689486338_1.jpg.webp?itok=qHp3J-B3)
Cyber-attacks have dominated the headlines in the past decade, wreaking havoc with systems, holding data to ransom, undermining public trust in corporations and governments, and causing untold financial damage.
![The DoD’s Cybersecurity Maturity Model Certification Draws a Line in the Sand for Third Party Risk](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_725365696_1.jpg.webp?itok=TytqDZmn)
Federal technology contractors hold the keys to our nation’s security in their networks, servers, and databases. Yet, recent incidents point to worrisome vulnerabilities that indicate increased cyber risk to defense contractors and the supply chain.
![Australian Companies Now Have 6 Months For APRA Compliance](/sites/default/files/styles/4_3_small/public/migration/images/bigstock---July----Canberra-Austra-276708157_1.jpg.webp?itok=NllxUk-X)
Early in 2019, unknown threat actors attempted to hack the Australian federal Parliament’s computer network and the servers used by every politician, staffer, and security officer in Parliament House. Authorities believe there is a strong chance this could have been executed by a state-based actor.
![How Healthcare Organizations Can Get Ahead of New and Worrisome Cybersecurity Developments](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_574043182_1.jpg.webp?itok=ryhZOJBc)
Cybersecurity is a priority for many organizations these days, but one sector of particular concern is healthcare.
![Guide: Fourth-Party Cyber Risk & Management](/sites/default/files/styles/4_3_small/public/migration/images/Fourth%2520party%2520blog%2520post_1.png.webp?itok=OWaBUUiV)
In today’s interconnected world, supply chains are growing exponentially. As a result, third-party risk has become a big focus for senior management. But what about the vendors that your suppliers rely on and the threat of fourth-party risk?