Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
BitSight Joins Local Boston Companies Participating in Annual Pride Parade
On June 9th, a Bitsight team participated in the annual Boston Pride parade for the first time. Boston Pride is a celebration of the city's LGBTQ community and its allies that brings thousands of marchers and spectators into the streets. The parade finishes with a festival at City Hall.
Make Security Benchmarking a Reality
Most organizations are accustomed to benchmarking certain business areas like sales, profits, and resource allocation. These areas all have one thing in common — they are easily measured with simple, quantifiable metrics.
How Security Ratings Can Help Organizations Adhere to Hong Kong’s Cybersecurity Guidelines
The implementation of many strict cybersecurity regulations and requirements (including GDPR, NYDFS, and more) continues to increase on a global scale. 2018 has also brought about the continuation of strict cybersecurity regulations in the Asia Pacific region: most notably in Singapore, Australia, and Hong Kong. This year, one new requirement from 2017, the Securities & Futures Commission’s Guidelines, goes into effect.
Why Establishing Cybersecurity Benchmarks is a Must for Organizations
Effective cybersecurity involves regularly assessing the effectiveness of your organization’s policies, tools, and processes to ensure you’re staying ahead of the curve. In order to gain insight into your cybersecurity performance, you need clear, continuous, actionable metrics that you can track over time and compare to peers, competitors, and across business units.
The State of Security in the Boardroom
In today’s evolving cyber risk landscape, Boards of Directors are becoming increasingly concerned about their company’s security performance. In fact, the NACD has found that 89% of public companies and 72% of private companies regularly discuss security at Board meetings. While they are asking for updates on enterprise cybersecurity posture more often, they do not necessarily have the expertise or experience to know what to ask for — or how to interpret the technical information presented to them.
7 Cyber Security KPIs That Will Resonate On A Cybersecurity Dashboard For Your Board of Directors
Quantifying and tracking your cybersecurity performance so you can compare your organization to others, also known as benchmarking, is necessary for improving the effectiveness of your security programs.
What to Expect in Your CISO’s Cybersecurity Presentation
As a member of your company’s board, you know that cybersecurity is a critical risk that simply cannot be ignored, and that should be reported on regularly by the appropriate executives. According to the 2017 NACD Director’s Handbook on Cyber-Risk Oversight, 89 percent of public-company directors say cybersecurity is discussed regularly in board meetings, and 72 percent of private-company directors say the same. Most companies are clearly moving in the right direction.
Why We Collaborated with Verizon on the Verizon Risk Report
Recently, Verizon announced the Verizon Risk Report (VRR), a new managed service offering that provides a security assessment framework to enable customers to gain a comprehensive view of their cyber risk. By combining external cybersecurity ratings, internal analysis, and culture and process assessments, Verizon is able to provide customers with a holistic profile of security performance and current posture, enabling customers to prioritize security investment and mitigate risks.
The launch
Building Our UI Design System
As the Bitsight front end team grows, we are investing in our design infrastructure to enable faster development, better collaboration, and a more unified look and feel in our product.
How Does Third Party Risk Management Relate to IT?
As advances in cloud computing and managed services have made IT operations more streamlined, the focus of IT leaders has shifted to improving efficiency, agility, and risk management. Managing risk, in particular, has become an even more central concern.
Security Rating Snapshot Helps Identify & Manage Cyber Risk
Last week, Bitsight released our new Security Rating Snapshot report.
3 Ways to Ensure Best-in-Class Third Party Cyber Risk Management
An effective third party cyber risk management program both identifies potential threats and finds ways to mitigate them. Organizations should aspire to the highest possible standards when it comes to their security posture. To do so, they must leverage the best technology, efficiently allocate resources, and strive for continual improvement.
Get Started With Vendor Security Risk Management Assessments
Mitigating risk is an essential business function that should cover obvious domains — like financial risk — but also include reputational, strategic, and operational risks.
How Long Does It Take To Assess Third Party Cybersecurity Posture?
With outsourcing continuing to rise, third party cyber risk management has become a pressing issue for organizations worldwide. Yet, many firms across the globe are approaching this challenge differently.
How BitSight Helps Drive Quick Risk Reduction Across Third Party Ecosystems
At a recent Bitsight Roadshow, a customer with an advanced third party risk management program declared “assessments are not risk reduction.” The statement was not meant to convey that assessments are useless for third party risk; rather, that assessments themselves don’t inherently drive risk down.