Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![The Board’s Role in Cyber Risk Management: Advice from Top Directors](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Business-Team-Meeting-Present--253202224_1.jpg.webp?itok=pYohAbIJ)
In today’s evolving threat landscape, corporate directors are increasingly asking for security performance updates from Chief Information Officers, Chief Information Security Officers, Chief Risk Officers, and other executives.
![Improve IT Vendor Monitoring with Data-Driven Conversations](/sites/default/files/styles/4_3_small/public/migration/images/IT%2520Team-Improve-IT-Vendor-Monitoring_2.jpg.webp?itok=7d1FDwo5)
Businesses are becoming increasingly reliant on outsourced IT services to support day-to-day operations.
![The State of Cyber Risk in Spain](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--182719168_2.jpg.webp?itok=P7WEiUFM)
In Spain, cybersecurity is becoming more of a priority among businesses across all industries. One way to quantify these cybersecurity postures is by looking at Spain’s security ratings across all markets. In Spain, Bitsight Security Ratings are on average 119 points below Europe as a whole. The highest performing industry is Real Estate, which has a security rating 71 points better than the European average. The lowest performing industries are Financial Services and Insurance, which are more than 200 security rating points lower than the average European rating. Given the sensitive data financial services companies possess, this report suggests there is a need for additional investment in cybersecurity and cyber risk management. As companies invest in digital transformation programs, their exposure to risk increases and requires an increased investment in risk management across their organization.
![A Cybersecurity Conversation with the Board: Q&A with James Lam](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Business-people-sitting-in-boa-206016238_1.jpg.webp?itok=BE_EnHqF)
In today’s evolving threat landscape, corporate directors are increasingly asking for security performance updates from Chief Information Security Officers, Chief Information Officers, Chief Risk Officers, and other executives. I recently sat down with James Lam, director at RiskLens and E*TRADE Financial Corp., to discuss Board members’ responsibility when it comes to information security and cyber risk.
![Best Practices for Cybersecurity Awareness Month with Stephen Boyer](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Cyber-Attack-Detection-Intern-243812206_1.jpg.webp?itok=DwtGw9F3)
October was Cybersecurity Awareness Month, which gave companies the opportunity to thoroughly examine their security and risk programs and identify where they can strengthen security practices. At Bitsight, we talk about risk management every day. We sat down with our Co-Founder & CTO, Stephen Boyer, to talk about the significance of having a risk-aware organization and proactive ways security ratings can help with risk management.
![Using Security Ratings to Drive Organizational Performance](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Businessman-using-a-digital-ta-209395744_2.jpg.webp?itok=UzGSTRum)
An increasing number of security and risk teams are using security ratings to effectively assess the impact of their security programs as well as communicate changes to key decision makers — like the Board of Directors. These teams know that their company needs tools that provide an objective and quantitative view of their cybersecurity performance over time.
![Streamline Your Bank's Third-Party Vendor Management Risk Assessments](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Risk-Assessment-on-Ring-Binder-121113230_1.jpg.webp?itok=Z7V1Ibt2)
Banks and other financial institutions are a proving ground for new risk management methods. High risk and intense regulations feed into a culture of serious, comprehensive security — a culture that has manifested in mature methodologies such as the three lines of defense.
![Should Cybersecurity Have a Voice in Vendor Procurement?](/sites/default/files/styles/4_3_small/public/migration/images/3.%2520vendor%2520procurement_1.jpg.webp?itok=TNYkRavb)
Business leaders now realize that their data is being exposed to risk by their vendors, and that monitoring and remediating these threats is a necessary part of an effective cybersecurity program.
![4 Cybersecurity Factors Every Board Member Must Consider for 2019 Planning](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Business-Woman-Leader-Making-P-253201858_1.jpg.webp?itok=mYkku1Zv)
Cybersecurity is a growing topic of discussion in Board meetings everywhere — given this fact, Board members need to be prepared to speak knowledgeably about their organization’s cybersecurity posture and programs. As businesses near the last quarter of the year and begin their planning processes, Boards must also be thinking about how to best prepare for 2019. Here are some factors that Boards must take into consideration:
![Quantifying Cybersecurity Risk: A Beginners Guide](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Asian-Business-Adviser-Meeting-226416148_1.jpg.webp?itok=Qb25yCDA)
In a 2017 survey of almost 1,300 CEOs conducted by PwC, 63% of respondents said they were “extremely concerned” about cyber threats — up from just 8% in 2013.
![5 Reasons Not To Miss BitSight’s Inaugural EXCHANGE Event](/sites/default/files/styles/4_3_small/public/migration/images/18-BITS-1000-Linkedin-1200x627-Tier2-2_1.jpg.webp?itok=Lx2JYOG3)
On October 9th & 10th, Bitsight will host EXCHANGE, the premier event for security and risk professionals, at the Intercontinental New York Times Square. Over the course of this one-day event, distinguished business and technology leaders will discuss the current and evolving state of cybersecurity, best practices for addressing cyber threats, and how to both prioritize and focus risk management efforts within an organization.
![Fact or Fiction (Part 2): More Misconceptions About Third-Party Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/7.16-Blog-Fact-Fiction-TPRM_9.jpg.webp?itok=lGWyVvjZ)
Over the course of this blog series, we’ve addressed some of the major concepts surrounding third-party risk, as well as some misconceptions. In this final post, we’ll continue to examine the last three of the top notions surrounding third-party risk management programs and weed out fact from fiction.
![Cybersecurity Metrics Your CIO Expects You to Know](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Business-Finance-Accounting--237523486_1.jpg.webp?itok=Cfl9ezfF)
In today’s landscape, managing your internal security processes as well as creating a third-party vendor risk management program should be top of mind, but prioritizing a solid understanding of the metrics surrounding your cybersecurity programs is almost just as important. These metrics should dive deeper than “yes” or “no” questionnaire answers, and should help you gain a more comprehensive understanding of where you and your third parties fall when it comes to proactively mitigating cyber risk.
![Fact or Fiction (Part 2): More Misconceptions About Third-Party Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/7.16-Blog-Fact-Fiction-TPRM_9.jpg.webp?itok=lGWyVvjZ)
There are many third-party risk concepts, some of which we addressed in the first blog post of this series. While third-party risk management (TPRM) programs are becoming increasingly common for businesses, there are still some misconceptions about the elements that comprise them. In the second post of our three-part blog series, we’ll take a look at some of the notions surrounding third-party risk management programs and weed out fact from fiction.
![A Forward-Looking View Into Security Performance](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--195359497_1.jpg.webp?itok=SJHgxD5p)
For the last five years, Bitsight Security Ratings have been helping companies gain insight into the efficacy of their security programs, as well as the security performance of third and fourth party vendors. Today, the Bitsight Security Rating platform provides a year’s worth of data on all companies to paint a comprehensive picture of a company’s security posture over time.