Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Cyber Risk Considerations During the M&A Process](/sites/default/files/styles/4_3_small/public/migration/images/mergers-acquisitions-nacd-blog-image_1.jpg.webp?itok=hOODsYci)
Data breaches are a constant in today’s headlines, but in recent years the risk has been front and center of some of the most significant M&A deals. In 2017, Verizon discounted its acquisition price by $350 million when Yahoo belatedly disclosed that it experienced several massive breaches. And in November 2018, Marriott publicly disclosed that Starwood’s guest reservation database — containing hundreds of millions of personal records — had been compromised since 2014, prior to the Marriott acquisition. These incidents — and countless others — raise critical questions. How should Boards be thinking about cyber risk in the acquisition process? What steps should they take to address this risk prior to the acquisition?
![Advanced Security Benchmarking with BitSight Peer Analytics](/sites/default/files/styles/4_3_small/public/migration/images/Peer%2520Analytics%2520Laptop%2520Blog%2520Header_1.jpg.webp?itok=R2eMRhSX)
Based on security performance data of hundreds of thousands of global organizations, Peer Analytics gives security and risk leaders visibility into the relative performance of their cybersecurity programs against a meaningful set of peers. These analytics help them set achievable performance targets based on their Bitsight Security Rating, effectively allocate limited resources, and efficiently prioritize security efforts with a focus on continuous program improvement.
Peer Analytics provides companies with a more granular view of their security rating. It is based on hundreds or thousands of companies (a broader set of similar organizations), which allows you to see where there are gaps in your security performance: at the ratings level, the risk vector grade level, and the vector detail event level.
Peer Analytics: Analyze, Prioritize, Act
Today, security and risk leaders use Peer Analytics to:
Set achievable security goals based on relative performance withi
![How to Be Confident In Your Third-Party Risk Management Program](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--198899707_1.jpg.webp?itok=5c5MC4rw)
When it comes to third-party risk management (TPRM), many organizations are just beginning to figure out the core components of their program — and some are not implementing any measures to monitor their third parties at all.
![Software Risk Management: 3 Tips for Project & Product Managers](/sites/default/files/styles/4_3_small/public/migration/images/2.19-software-risk-management-tips-blog-image_1.jpg.webp?itok=3sztYmaO)
The development and deployment of software applications is inherently risky; a number of things can go wrong both during development and after launch. Project and product managers must stay aware of risks coming from a variety of areas, including:
![Cyber Basics: Understand Vulnerabilities, Threats & Exploits](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--202598059_2.jpg.webp?itok=tu_C-ocn)
In 2019, cyber incidents will be the second most important global business risk. The more cyber incidents that continue to happen on a global scale, the more critical it is for users to understand how to classify the dangers that exist for both businesses and users. In this blog post, we’ll break down the basics and explore the difference between three key areas of cyber risk: vulnerabilities, threats, and exploits.
![The Time is Now: NYDFS Deadline Means Risk Managers Need to Focus on Third-Party Risk](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Manhattan-Skyline-At-Night-Ne-18683036_1.jpg.webp?itok=93QBhXGR)
In March 2017, the New York Department of Financial Services (NYDFS) cybersecurity regulations — known as 23 NYCRR Part 500 — went into effect. According to the regulation, “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law” is considered a covered entity and must comply.
![What You Can Do Today to Prevent A Data Breach](/sites/default/files/styles/4_3_small/public/migration/images/What-You-Can-Do-Today-to-Prevent-A%2520Data-Breach_2.jpeg.webp?itok=kFzp4yuX)
When it comes to data breach prevention, there are plenty of guides for reducing risk in the long term. While it’s definitely valuable to be working on a data breach prevention strategy with 6-month, 1-year, or 5-year goals, not every cybersecurity initiative takes so much time.
![BitSight EXCHANGE Sound Bites: Transferring Risk Through Cyber Insurance](/sites/default/files/styles/4_3_small/public/migration/images/jake-exchange-2_1.jpg.webp?itok=OQ1jNtQP)
In the months since Bitsight’s inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together security executives from all over to discuss the challenges they face in their roles every day.
![BitSight EXCHANGE Sound Bites: Risk Management in Financial Services](/sites/default/files/styles/4_3_small/public/migration/images/finance-panel-exchange_1.jpeg.webp?itok=649lxlVu)
In the months since Bitsight’s inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together security executives from all over to discuss the challenges they face in their roles every day.
![What’s Behind Your Risk Matrix?](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Matrix-Data-Stream-Design-Ele-270231442_1.jpg.webp?itok=Ufdot2HV)
This quarter, Bitsight released several new product features that enable organizations to more rapidly assess, prioritize and manage cyber risk. These new capabilities — the Portfolio Risk Matrix and Asset Risk Matrix — leverage Bitsight’s market-leading data to provide risk prioritization, helping customers address the most important risks within their own environment as well as their broader third-party ecosystem.
![BitSight EXCHANGE Sound Bites: Reporting to the Board](/sites/default/files/styles/4_3_small/public/migration/images/BitSight-Exchange-Board-Panel_2.png.webp?itok=e7QFL3t7)
In the months since Bitsight’s inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together security executives from all over to discuss the challenges they face in their roles every day.
![Cybersecurity in Europe is Improving: Thank You GDPR?](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--219346900_1.jpg.webp?itok=6n15gyLr)
After years of debate over whether to impose new cybersecurity regulations on companies, General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules and cookie disclosure notices are popping up on more websites than ever.
![Forecasting: The Missing Link in Your Annual Security Performance Planning Process](/sites/default/files/styles/4_3_small/public/migration/images/11.29-Forecasting-Blog-Header-Image_1.jpg.webp?itok=HB-lM65g)
When it comes to security performance management within your organization, how do your security teams measure performance? If they’re using security ratings, they know that this objective, quantitative measurement is an effective place to start when evaluating performance in certain areas.
![5 Crucial Strategies for Improving Retail Network Security](/sites/default/files/styles/4_3_small/public/migration/images/6.%2520retail%2520security_1.jpg.webp?itok=4qmAQgNY)
The retail sector has proven that when top minds put their heads together, they can make real headway against pernicious cyber threats. Case in point: the industry-wide adoption of EMV chip cards has played a role in reducing point-of-sale malware attacks by 93% since 2014.
![Forrester Recognizes BitSight as a Leader in Cybersecurity Risk Rating Solutions](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--------223858897_2.jpg.webp?itok=bMn39N9F)
This past Tuesday, Bitsight was named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 evaluation. This report evaluates the current offering and strategy of vendors in a particular technology market, such as security ratings. This is significant, as this is the first analyst report that has a core focus on evaluating security ratings services solutions side-by-side.