Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Data Insights on the BlueKeep Vulnerability](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Close-Up-Laptop-Computer-And-T-290302069_1.jpg.webp?itok=HuQiTlCQ)
On May 14th, Microsoft issued a warning about the BlueKeep vulnerability (CVE-2019-0708), which affects Remote Desktop Services, the component that exposes the Remote Desktop Protocol (RDP) and is present in most versions of Microsoft Windows to allow remote access to the graphical interface. If exploited by an external attacker, this vulnerability leads to full system compromise without requiring any form of authentication or user interaction.
![New Study: Organizations Struggle to Manage Cyber Risk in Their Supply Chains](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-World-Map-Plane-Logistic-In-Ne-216174871_1.jpg.webp?itok=_QxY0y-I)
A new report from McKinsey & Company sheds light on something we’ve known for many years – organizations are struggling to make significant progress in managing cybersecurity risk in their supply chains.
![Eradicate Cyber Threats: Launch Your Third-Party Risk Management Program](/sites/default/files/styles/4_3_small/public/2022/02/18/Eradicate%20Cyber%20Threats-%20Launch%20Your%20Third-Party%20Risk%20Management%20Program.png.webp?itok=vfTPV2fd)
When launching a third-party risk management (TPRM) program, one of the best places to begin proactively mitigating cyber risk is to examine the vulnerabilities present on your third parties' networks. Despite widespread awareness of the harm that vulnerabilities can do to users and businesses alike, they continue to persist and cause business interruption worldwide.
![The Perfect Cyber Storm is Brewing. Are You Prepared?](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Abstract-Technology-Background-250119211_2.jpg.webp?itok=tVGGXqu4)
Data breaches are never far from the news. Some recent headlines have even suggested that they’ve become the “new normal.” And while we haven’t seen a wide-scale attack since WannaCry was unleashed two years ago, a recent turn of events suggests that the perfect cyber storm may be brewing.
![Security Performance in Business Context: How Forecasts Empower Organizations to Improve Processes](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Asian-Business-Adviser-Meeting-253996027_1.jpg.webp?itok=2v6oJlEy)
When it comes to managing your organization’s cybersecurity performance, understanding the business context in which you make decisions is key. By leveraging security ratings you can understand the efficacy of your current security program, identify control gaps and/or failures, and determine the best allocation of resources that will lead to overall process improvement. With this level of visibility, security and risk leaders can now lead more data-driven conversations around cybersecurity with internal and external stakeholders about important security initiatives and feel more confident in the investments they are making in their security programs.

It’s critical that security leaders understand how to prioritize their efforts. Bitsight for security performance management allows you to easily examine the importance of an event based on both asset importance and event severity. And now with Bitsight’s new integration between the Asset Risk Matrix and the Bitsight Forecasting engine, any security team can quickly assess the expected impact of their efforts based on Bitsight’s recommended remediation plan.
![Docker Hub: Exposing the Hidden Cost of Data Breaches](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Cyber-Security-Data-Protection-252265303_2.jpg.webp?itok=Ozvoe4oY)
Big risks can come from small, sometimes unexpected places. Compared with all the other vendors you need to manage, you might not think of a registry for container images as a high priority, but the recent breach of Docker Hub shows otherwise.
![What the Marriott Breach Can Teach Us About Cybersecurity in the Tourism & Hospitality Industry](/sites/default/files/styles/4_3_small/public/2022/06/17/bigstock-Passport-Photo-Camera-Smart-min.jpg.webp?itok=HhmDIr7b)
Last fall, news broke of the Marriott breach, which compromised the records of up to 500 million customers. The breach occurred through a third party: the IT company that managed the Starwood reservation database.
![BitSight Contributes to Verizon's 2019 Data Breach Investigations Report](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Data-Breach-On-Wooden-Blocks--286847518_1.jpg.webp?itok=0ShaiBLz)
Last week, Verizon published its annual Data Breach Investigations Report (DBIR) which details the major trends in data breaches observed over the previous year. This report has become a widely respected industry standard that companies (across all industries) hold in high regard and frequently reference.
![A Risk-based Approach to Cybersecurity Can Save Time & Money](/sites/default/files/styles/4_3_small/public/migration/images/A_Risk_based_Approach_to_Cybersecurity_Can_Save_Time_And_Money_1.jpeg.webp?itok=mlMxqdSx)
If you’ve glanced at the opinion columns of security industry publications, you’ve probably seen the term “risk-based” floating around, as in “the time is now for a comprehensive, risk-based approach” or “a risk-based approach to security is key to business alignment."
![The Board’s Role in Managing Disruptive Risk: Enter Security Ratings](/sites/default/files/styles/4_3_small/public/migration/images/4.12-Blog-Image-Board-Security-Ratings_1.jpg.webp?itok=bUuAmLnh)
Today, disruptive risks are an area of focus for corporate directors worldwide. On a global basis, we face disruptions in areas like geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate change.
![NERC CIP-013-1: Effective Date, Preparation Strategies, & Impact](/sites/default/files/styles/4_3_small/public/migration/images/4.10-Blog-Image-NERC-Utilities_1.jpg.webp?itok=FeBQXNSs)
The North American Electric Reliability Corporation (NERC) has developed a new set of cybersecurity standards designed to help power and utility (P&U) companies limit their exposure to third-party cyber risks and preserve the reliability of bulk electric systems (BES).
![Gartner Names Security Ratings a Top 10 Security Project for 2019](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Security-Global-Network-278195797_2.jpg.webp?itok=Ms35xcK9)
Just a few weeks ago, Gartner released their list of “Top 10 Security Projects for 2019”, and named security ratings services as a business imperative.
![Is Your Risk Management Program Ready for the New European Banking Authority’s Guidelines?](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Euro-Coins-Stacked-On-Each-Oth-223184503_1.jpg.webp?itok=RFOUPRap)
In June 2018, the European Banking Authority (EBA) put forth guidelines on outsourcing arrangements that highlight the importance of risk management within financial organizations. The guidelines will be enforced later in 2019.
![BitSight Security Ratings Platform Expands Its Visibility in Compromised Systems](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-cybercrime-hacking-and-techno-239309626_1.jpg.webp?itok=vqoYygdC)
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.
![Fraudulent Android Advertising SDK Installed In Over 15 Million Devices](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Wroclaw-Poland--Jan------282826726_1.jpg.webp?itok=0JuQVZje)
Every day, Bitsight monitors the global threat landscape in a constant effort to identify software that may be placing users and organizations at risk. The presence of malware — or simply potentially unwanted applications — in an organization is an indicator that some security controls may be failing, or that some additional measures should be taken.