Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Optimizing Our Test Infrastructure](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Programmer-Hands-Working-At-Ho-252378223_1.jpg.webp?itok=RRHn_GIo)
Bitsight is moving fast, but we don’t want to sacrifice code quality for speed, which is why tests have always played an important role in our development process. Although we are not doing TDD (Test-driven development), one of the key requirements for test-heavy development is that the full test suite should be fast. If running all tests takes less than 5 minutes, developers are more likely to run them frequently and keep adding more tests. However, Bitsight's portal application is a bit of a monolith and takes longer than we would like to run its test suites.
![Fact or Fiction (Part 2): More Misconceptions About Third-Party Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/7.16-Blog-Fact-Fiction-TPRM_9.jpg.webp?itok=lGWyVvjZ)
It’s no secret that while it is critical for an organization to have a strong cybersecurity posture, it’s just as important for its third parties to have a strong security posture as well. While this fact is increasingly acknowledged in the business world (as many companies suffer data breaches at the hands of their suppliers), there are still several misconceptions about third-party risk management (TPRM) programs and what they entail. Among the many initiatives that make up a modern enterprise cybersecurity program, TPRM might be the most misunderstood.
![BitSight Offers Valuable Insight Into Breach Trends](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Fintech-Icon-On-Abstract-Fina-226174948_2.jpg.webp?itok=Irj15Jpw)
Over the last several months, members of our product team have been working to aggregate all of Bitsight’s security ratings data and highlight important insights about patterns in data breaches. In fact, Bitsight boasts one of the largest data breach data sets. Of course, this only highlights what data Bitsight has visibility into; with the largest sinkholing infrastructure in the world and the security posture of over 130,000 organizations, we have the most comprehensive view into global breach trends.
![What Now? How to Execute the Cybersecurity Plan You Have in Place](/sites/default/files/styles/4_3_small/public/migration/images/What_Now_How_to_Execute_the_Cybersecurity_Plan_You_Have_in%2520Place_1.jpg.webp?itok=6QCpJ3ia)
CISOs and other security leaders are tasked with protecting their organizations from cyber attacks. That means developing and implementing the policies, controls, and procedures that reduce risk and ensure the safety of sensitive data. It also means keeping the cybersecurity program alive and well-funded. In other words, security leaders are fighting on two fronts. When executing a cybersecurity plan, they must employ two distinct yet equally important skill sets: the technical skills to mitigate risk, and the strategic skills to make the case for cybersecurity to their colleagues. Striking a balance between these two categories is tricky. We’ve got some tips for CISOs and other security leaders looking to execute their cybersecurity plans effectively and achieve sustainable results.
![Ticketmaster Breach Highlights Retailers' Dependence on Multitude of Service Providers](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-credit-card-data-security-83131502_1.jpg.webp?itok=j8E4oMdf)
Early last month, it was disclosed that Ticketmaster suffered a data breach through a third party service provider as part of a payment card hacking campaign; Ticketmaster was just one of hundreds of victims. The threat actor, Magecart, compromised over 800 e-commerce sites by secretly installing digital card-skimming software on third-party components and services used by these retailers.
![Which Cybersecurity Tasks Should I Prioritize First? Tips from the Experts](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--177323620_1.jpg.webp?itok=J-XFiRw4)
Cybersecurity is a multifaceted topic with many constantly evolving variables. For CISOs and other security leaders, just knowing where to begin can be a challenge. Let’s say you’ve just taken over an organization’s cybersecurity program, or have been tasked with building one from scratch. You have a limited budget and limited personnel, so you can’t accomplish everything at once. Which tasks deserve your focus in the critical first few months? We’ve rounded up some cybersecurity tips from industry experts to help guide your initial strategy.
![bitsight-blog](/sites/default/files/styles/4_3_small/public/2024/05/24/bitsight-blog.jpg.webp?itok=-q3o2lKI)
[updated January 10, 2021]
![How Continuous Vendor Monitoring Can Prevent Service Interruptions](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--160637267_1.jpg.webp?itok=x2-ojTBt)
On a Friday morning in October 2016, millions of people across North America attempted to visit popular websites including Spotify, Reddit, and the New York Times, only to find that they were inaccessible.
![BitSight Competes in Annual Boston Children's Hospital Corporate Cup](/sites/default/files/styles/4_3_small/public/migration/images/display_AAA983__IMG_9981-966957-edited_1.jpg.webp?itok=AovYjX0F)
On July 12th, eighteen Bitsight employees participated in the Boston Children’s Hospital Corporate Cup. This is an annual event where local Boston companies from across all sectors compete against each other for a good cause: raising one million dollars for the children at Boston Children’s Hospital.
![BitSight Research Highlights Financial Services Security Ratings in the UK](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--223438498_2.jpg.webp?itok=jwVkWTyb)
Over the last several years, cybersecurity regulations (like NYDFS and GDPR) have placed pressure on the financial services industry to build and enforce some of the strongest risk management programs across any industry. These programs focus not only on internal security performance, but also on managing third party risk. Financial service organizations are both highly regulated and handle extremely sensitive personally identifiable information (PII), and as a result typically have higher security budgets when compared to other industries.
![3 Cybersecurity Risk Factors Financial Institutions Often Overlook](/sites/default/files/styles/4_3_small/public/migration/images/3_Cybersecurity_Risk_Factors_Financial_Institutions_Often_Overlook_1.jpeg.webp?itok=Hc-05E1f)
With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on. The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered. With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly. Here are a few historically overlooked risk factors that deserve some additional attention:
![BitSight Releases New VPNFilter & Oracle Weblogic Vulnerability Identification Filters](/sites/default/files/styles/4_3_small/public/migration/images/Woman-Desktop-Security-Ratings-Overview-3_1.png.webp?itok=Dvs5UCQd)
Within the Bitsight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.
![BitSight Raises $60 Million in Series D Funding To Further Cement Status as Security Ratings Leader](/sites/default/files/styles/4_3_small/public/migration/images/7.2-Blog-BitSight-Series-D_2.jpg.webp?itok=XE-XwYsJ)
Last Thursday, Bitsight announced the closing of our Series D Round of funding. Not only is this important for our company, it is also extremely significant for the security and risk market as a whole.
![EU NIS Directive: The European Union’s First Cybersecurity-focused Legislation](/sites/default/files/styles/4_3_small/public/migration/images/6.15-Blog-EU-NIS-Image_1.jpg.webp?itok=c8cRBjIk)
Last month, the EU NIS Directive (Directive on Security of Network and Information Systems) went into effect. This directive is the first EU-wide piece of legislation specifically focused on cybersecurity. Its goal is to “achieve a high common level of security of network and information systems within EU.” Network and information systems, and the essential services they support, play a vital role in society; their reliability and security are essential to everyday activities.
![Many Third-Party Risk Management Programs are Missing Continuous Monitoring](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--183364126_1.jpg.webp?itok=4CN_Lxdr)
If you’ve done your homework as a cybersecurity professional, then you know that third-party vendors with substandard security controls and processes could be putting your organization at risk.