Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![A Breakdown Of Terms In The General Data Protection Regulation (GDPR)](/sites/default/files/styles/4_3_small/public/migration/images/A-Breakdown-Of-Terms-In-The-General-Data-Protection-Regulation-GDPR_1.jpg.webp?itok=x0QyQUkj)
If your company processes the data of individuals who reside in the European Union, the General Data Protection Regulation (GDPR) is likely a hot topic around the office right now. Once the regulation goes into effect in May 2018, companies in violation of the GDPR could face massive penalties. But creating a compliance plan for your company can be quite difficult if you’re unfamiliar with the language used in the regulation.
![What Is the Benefit To an Outside-In Approach to Security Ratings?](/sites/default/files/styles/4_3_small/public/migration/images/12.22-Blog-Image-thumb_1.png.webp?itok=ix3wq5SV)
When Bitsight pioneered the security ratings market over six years ago, it was the first to use the outside-in approach to security ratings. Although not initially intuitive to many people, the value of this approach has become increasingly clear for many reasons and subsequently, its adoption has become more widespread. At Bitsight, we believe that an outside-in approach is the best way to build a security ratings product, and has proven valuable in many use cases.
![The Top 10 Cybersecurity Articles Of 2017: A Recap](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity%2520Articles%2520-%2520Thumb_1.jpg.webp?itok=dXIo-aKM)
2018 is right around the corner, and while we’re looking forward to what’s coming, we’re also thinking back on the best of this year. Here’s a look at 10 of our most frequently viewed cybersecurity articles in 2017.
![BitSight Releases ROBOT Vulnerability Identification Feature](/sites/default/files/styles/4_3_small/public/migration/images/Robot-Vulnerability-Blog-Thumb_1.png.webp?itok=PFGoWQgP)
Within the Bitsight Security Ratings platform, we prioritize features specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations that are potentially vulnerable to ROBOT (Return Of Bleichenbacher's Oracle Threat) attacks. ROBOT revives Daniel Bleichenbacher's 1998 adaptive chosen-ciphertext attack on RSA PKCS#1 v1.5 encryption: a server that reacts differently to correctly and incorrectly padded RSA ciphertexts (a distinct TLS alert, a different error path, or a timing difference) acts as a padding oracle, and an attacker can drive that oracle with many crafted handshakes to decrypt the RSA-encrypted premaster secret of a recorded TLS session, or to produce a signature with the server's private key. The flaw has resurfaced in a number of proprietary TLS/SSL implementations and affected some of the most popular websites, including Facebook and PayPal. It only applies to handshakes that use RSA key exchange; sessions negotiated with (EC)DHE cannot be decrypted this way, which is one reason to disable RSA key exchange ciphersuites outright rather than rely on every implementation's padding check being constant in behaviour.
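To make the padding-oracle mechanism behind ROBOT concrete, here is an added example in Python, written for this page; it is not Bitsight code or the ROBOT authors' tooling. It models a TLS server's RSA premaster-secret decryption in two variants: a leaky one that answers with a distinct alert when the PKCS#1 v1.5 `00 02` prefix check fails, and a hardened one that applies the RFC 5246 section 7.4.7.1 countermeasure of substituting a random premaster and continuing down the same code path. It then runs Bleichenbacher's interval-narrowing attack against the leaky variant and recovers the encrypted secret from the ciphertext and the oracle bit alone. Everything beyond the attack itself is constructed for the demonstration: the toy 125-bit modulus (two well-known primes, far too small for real use), the 4-byte stand-in for the 48-byte premaster secret, the alert names, and the function names.

```python
import random

# Constructed toy RSA key: p = 2^61 - 1 (a Mersenne prime), q = 2^64 - 59 (largest prime below 2^64).
# The small modulus makes the attack finish in seconds; real keys are 2048+ bits but the oracle is identical.
P, Q, E = (1 << 61) - 1, (1 << 64) - 59, 65537
N = P * Q
PUB, PRIV = (N, E), (N, pow(E, -1, (P - 1) * (Q - 1)))
PMS_LEN = 4  # stand-in for TLS's 48-byte premaster secret, which would not fit a 16-byte RSA block


def _block_len(n):
    return (n.bit_length() + 7) // 8


def pkcs1_v15_pad(msg, k, rng):
    """EM = 00 || 02 || PS (>= 8 non-zero bytes) || 00 || M  (PKCS#1 v1.5 block type 2)."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this key")
    return b"\x00\x02" + bytes(rng.randrange(1, 256) for _ in range(ps_len)) + b"\x00" + msg


def encrypt(pub, msg, rng):
    n, e = pub
    return pow(int.from_bytes(pkcs1_v15_pad(msg, _block_len(n), rng), "big"), e, n)


def _raw_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n).to_bytes(_block_len(n), "big")


def _unpad(em):
    """Payload of a block-type-2 block, or None if the padding is malformed."""
    if em[:2] != b"\x00\x02":
        return None
    sep = em.find(b"\x00", 2)
    return em[sep + 1:] if sep >= 10 else None  # PS must be at least 8 bytes long


def vulnerable_server(priv, c):
    """Leaky: a distinct alert reveals that the 00 02 prefix check failed (the pattern ROBOT found)."""
    em = _raw_decrypt(priv, c)
    if em[:2] != b"\x00\x02":
        return ("alert:bad_padding", None)
    pms = _unpad(em)
    return ("ok", pms) if pms is not None and len(pms) == PMS_LEN else ("alert:bad_premaster", None)


def hardened_server(priv, c, rng=random):
    """RFC 5246 7.4.7.1: on any failure use a random premaster of the right length and carry on as normal."""
    pms = _unpad(_raw_decrypt(priv, c))
    if pms is None or len(pms) != PMS_LEN:
        pms = bytes(rng.randrange(256) for _ in range(PMS_LEN))
    return ("ok", pms)  # the handshake later fails on Finished either way; nothing here depends on padding


def bad_padding_ciphertext(pub):
    """Constructed ciphertext whose plaintext block starts 00 01 (wrong block type), so it is always malformed."""
    n, e = pub
    em = b"\x00\x01" + b"\xff" * (_block_len(n) - 3) + b"\x00"
    return pow(int.from_bytes(em, "big"), e, n)


def bleichenbacher(pub, c, oracle):
    """Recover c's padded block from the oracle alone (Bleichenbacher 1998, steps 2-4; s0 = 1 because a
    recorded ciphertext is already conformant). oracle(c') must be True iff c' decrypts to a 00 02 prefix."""
    n, e = pub
    k = _block_len(n)
    B = 1 << (8 * (k - 2))  # conformant <=> 2B <= m*s mod n < 3B
    ceil = lambda a, b: -(-a // b)
    conformant = lambda s: oracle(c * pow(s, e, n) % n)
    M, s = {(2 * B, 3 * B - 1)}, ceil(n, 3 * B)
    while not conformant(s):  # step 2a: first conformant multiple
        s += 1
    while True:
        # step 3: for every interval and every plausible wrap count r, intersect with the new constraint
        M = {(max(a, ceil(2 * B + r * n, s)), min(b, (3 * B - 1 + r * n) // s))
             for a, b in M for r in range(ceil(a * s - 3 * B + 1, n), (b * s - 2 * B) // n + 1)}
        M = {(lo, hi) for lo, hi in M if lo <= hi}
        if not M:
            raise RuntimeError("intervals collapsed: the oracle answered inconsistently")
        if len(M) > 1:  # step 2b: several candidate intervals, keep searching linearly
            s += 1
            while not conformant(s):
                s += 1
            continue
        a, b = next(iter(M))
        if a == b:  # step 4: the interval is a single value, m = a
            return a.to_bytes(k, "big")
        r = ceil(2 * (b * s - 2 * B), n)  # step 2c: each hit roughly halves [a, b]
        while True:
            for s in range(ceil(2 * B + r * n, b), (3 * B - 1 + r * n) // a + 1):
                if conformant(s):
                    break
            else:
                r += 1
                continue
            break


def run_demo(seed=2024):
    rng = random.Random(seed)
    secret = bytes(rng.randrange(256) for _ in range(PMS_LEN))  # constructed "premaster secret"
    c = encrypt(PUB, secret, rng)
    queries = [0]

    def oracle(ct):  # the only thing the attacker learns per handshake: which alert came back
        queries[0] += 1
        return vulnerable_server(PRIV, ct)[0] != "alert:bad_padding"

    recovered = _unpad(bleichenbacher(PUB, c, oracle))
    bogus = bad_padding_ciphertext(PUB)
    return {"secret": secret, "recovered": recovered, "queries": queries[0],
            "vulnerable_distinguishes": vulnerable_server(PRIV, bogus)[0] != vulnerable_server(PRIV, c)[0],
            "hardened_distinguishes": hardened_server(PRIV, bogus, rng)[0] != hardened_server(PRIV, c, rng)[0]}
```

`run_demo()` returns the recovered bytes equal to the original secret, the number of oracle queries it took, and two booleans showing that the leaky server's response to a malformed ciphertext differs from its response to a genuine one while the hardened server's does not. The query count is dominated by step 2a and stays in the thousands even for this toy key, because the chance that a random multiple lands in the `00 02` range depends only on the top two bytes of the block, not on the key size; against a 2048-bit key over a real network the same loop costs many thousands of handshakes, which is exactly what the ROBOT researchers ran. Note that the hardened variant gives the same attack code no signal at all: the `oracle` closure would return True for every query and step 3 would collapse to an empty interval set.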
![To Quote Or Decline? Using Security Ratings To Validate Cyber Underwriting Decisions](/sites/default/files/styles/4_3_small/public/migration/images/Cyber%2520Underwriting%2520Decisions%2520-%2520thumb-1_1.jpg.webp?itok=E4Debzzh)
Determining whether you should quote or decline a cyber insurance applicant is an extensive and critical process. Typically, the decision is made after gaining an understanding of what the company does, identifying critical application information, and considering your organization’s risk appetite. But are you able to verify whether the decisions you’ve made are valid?
![5 Highlights Of The NYDFS Cybersecurity Regulations](/sites/default/files/styles/4_3_small/public/migration/images/NYDFS%2520Cybersecurity%2520Regulations%2520-%2520thumb_1.jpg.webp?itok=FjSkp1R7)
In March 2017, the New York Department of Financial Services (NYDFS) cybersecurity regulations—known as 23 NYCRR Part 500—went into effect. According to the regulation, “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law” is considered a covered entity and must comply.
![Extra Budget 101: Invest in Your Cybersecurity and Risk Program](/sites/default/files/styles/4_3_small/public/migration/images/12.13-Cybersecurity-Budget-Blog-Full_1.png.webp?itok=ah-vG_aY)
As security and risk professionals work to finish out the year, they must also be thoughtful about planning for 2018. While it’s great to end the last quarter of the business year on a strong note, it’s even more critical for businesses to set themselves up for success when returning to work in January. One of the best ways to accomplish this is to be strategic about the extra budget they possess in Q4 and to ask themselves this question: how can my organization spend those extra funds now in a way that benefits our security program later on?
![What You Need To Know About Vendor Compliance](/sites/default/files/styles/4_3_small/public/migration/images/checklist_vendor_compliance_small_1.jpeg.webp?itok=UaUTczO8)
Compliance, at its core, is a legal responsibility. It is defined as “the act or process of doing what you have been asked or ordered to do.” Creating a successful vendor compliance program isn’t as simple as asking third parties to comply with your security requests or pestering them to answer your security risk assessment questions.
![A Year in Review: A Look Back on BitSight’s 2017](/sites/default/files/styles/4_3_small/public/migration/images/12.8-Year-In-Review-Blog-Thumb_1.png.webp?itok=-YIG3gCa)
As 2017 draws to a close, we can’t help but be grateful for what a banner year this has been for Bitsight.
![Vendor Risks: 5 Ways To Improve Third-Party Cybersecurity](/sites/default/files/styles/4_3_small/public/migration/images/Vendor%2520Risks%2520-%2520Improve%2520Third-Party%2520Cybersecurity_1.jpg.webp?itok=Bj9vjS6A)
You can’t go more than a few weeks (or sometimes a few days) without hearing about yet another company whose data was compromised after hackers gained access through a third-party vendor. These attacks show that it’s no longer enough to secure only your own network from cyber attacks—you have to ensure your vendor networks are secured as well.
![BitSight Executive Chairman of the Board Receives Recognition By Ronald McDonald House](/sites/default/files/styles/4_3_small/public/migration/images/ronald-mcdonald-house-blog-full_1.png.webp?itok=r0FRxiFV)
Over 15 years ago, Shaun McConnon, Bitsight’s former CEO and current Executive Chairman of the Board, became involved with giving back to the local Boston community. Shaun and his wife, Bonnie, sat on the Board for a Sudbury-based charity benefitting children with cancer, which was affiliated with the first Proton Beam at Massachusetts General Hospital (MGH).
![The 8-Part GDPR Compliance Checklist For Prepared Organisations](/sites/default/files/styles/4_3_small/public/migration/images/GDPR%2520compliance%2520checklist%2520full_1.jpg.webp?itok=DSEQkEU8)
The May 2018 deadline for General Data Protection Regulation (GDPR) compliance is drawing closer — which means your organisation’s compliance activities should be well underway. But if you’re still looking for a place to start, here’s a GDPR checklist template to get you going:
![The Importance of Speed in Driving Business Value Through Your VRM Program](/sites/default/files/styles/4_3_small/public/migration/images/11.21-Speed-VRM-Blog-Thumb_1.png.webp?itok=PhtwSRyf)
In today’s expanding business ecosystem, managing vendor risk is becoming increasingly critical to protecting companies’ sensitive data. With new threats emerging daily and companies continuing to outsource, vendor risk management is an issue whose impact on organizations and their business partners will only grow. According to a recent Navex Global study, the ability to promptly resolve newly identified risks is a top challenge for organizations’ third party risk management programs.
![Examining The Growing Cyber Risk Gap](/sites/default/files/styles/4_3_small/public/migration/images/11.17-Blog-Thumbnail_1.png.webp?itok=ZCv9J3Ah)
In today’s business world, the desire to transact in the digital realm is dramatically accelerating and, unfortunately, so is the cyber risk that one takes on as a result. Organizations that handle sensitive data are more likely to become the targets of hackers who are looking to exploit this information stored within their network. Businesses now find themselves exposed to a growing “Cyber Risk Gap.” This gap is the outcome of the combined impact of the following:
![How Mature Is Your Cyber Risk Underwriting Strategy?](/sites/default/files/styles/4_3_small/public/migration/images/How-Mature-Is-Your-Cyber-Risk-Underwriting-Strategy_1.jpg.webp?itok=vkjA5Ps4)
If I were to ask you whether your cyber risk underwriting strategy is mature, your first question would likely be: “How do you define mature?” It’s a great question! Here’s the answer: A mature cyber risk underwriting strategy considers all relevant underwriting issues when assessing an applicant's or insured’s risk profile.