Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Today, businesses are at an interesting intersection when it comes to cybersecurity reporting: with modern technology, tons of data and thousands upon thousands of metrics are available to report on — but it’s difficult to determine which cybersecurity metrics actually matter. Because of this conundrum, many security and risk professionals feel a level of confusion around their security posture (and the security posture of their third party vendors). Does this sound familiar?
The financial services industry is known for its mature cybersecurity programs. There are many drivers for this, one being the increasingly strict regulatory environment. For example, the Office of the Comptroller of the Currency (OCC) indicated in early 2017 that financial service companies should be prepared for examiners to evaluate third-party cybersecurity.
In today’s market, an increasing number of security and risk management executives are being asked to present to the Board of Directors on the state of their — and their third parties’ — security and risk programs. Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a board-level initiative to mitigate brand and reputation risk. Bitsight understands that making an organization’s cybersecurity posture accessible to C-level executives and the Board of Directors is becoming more of a requirement within the business; we’ve added capabilities within Bitsight Security Ratings that arm security and risk management executives with actionable metrics that they can share with the Board of Directors.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as Team Lead, his experience, and more.
If you’re involved in a healthcare-based organization, you’ve likely noticed the push for stronger vendor security and vendor risk management (VRM) practices. There are a few reasons for this.
Security media is pervaded by seemingly ever-increasing and ever-worsening reports of data breaches at businesses ranging from your mom-and-pop corner store to large retail and internet giants. But how accurate is the perception that breaches are on the rise? Are more security events actually happening, or are we simply observing increased compliance with strengthening reporting requirements? More importantly, can companies learn from these incidents or are businesses doomed to repeat them?
A loss trend can be defined as a projected loss expectation based on historical data. If you find that past losses might be indicative of potential future losses, you can then use this information to price your services accordingly.
In today’s world, organizations must be extremely conscientious about their vendors. It is just as important to be aware about the security of third-party networks as it is to be aware of their own. In April 2017, Netflix’s new season of the hit show “Orange is the New Black” was stolen and leaked after they ignored several ransom requests by a hacker. The agent was able to breach Larson Studios, a third party postproduction company for Netflix. It’s critical that organizations have a vendor risk management (VRM) program in place to address the risk posed by third parties. As outsourcing and the use of cloud services continues to grow, it’s even more crucial that the strategy can scale to meet the rising demands to increase the number of vendors. This is where many companies are falling short today.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as an engineering director, his experience, and more.
Here @Bitsight, we are committed to our mission to transform the understanding of cyber risk through the usage of Security Ratings. It’s pretty serious stuff and involves lots of inspiration and even more perspiration. BUT we are not just about work. It’s important to us to have balance — to be involved in the local community and also to have plenty of fun.
In today’s security ratings services market, a few companies have offerings described as “swaps” or “slots.” When considering third party monitoring, this gives organizations the option to “trade out” which vendors they are monitoring when they see fit. But, does this type of disjointed monitoring actually proactively mitigate risk (which is the goal of utilizing a security ratings service) or just shift it around and hide it? This approach poses several problems.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about her role as a software engineer, her experience, and more.
As an underwriter who’s constantly trying to balance being both quick and careful, the worst thing you can do is treat every single applicant the same. Doing so can ultimately be setting you up to take on more risk than you’d expect. Of course, the more experience you have, the better you’re able to quickly assess a company’s risk posture.
Bitsight recently completed a reorganization of a large part of our Single Page Application (SPA) code. Our goal was to make our codebase more scalable and developer-friendly by adding a few simple rules for where different parts of the application should live. In this article, I’ll describe what we left the same, what we changed, and how we did this while continuing to ship features on time.
Organizations today aren’t single entities—they are interconnected networks of third parties. While third party relations are critical for success in the majority of businesses, they also leave data more vulnerable to exposure. In today’s threat landscape, vendor risk management (VRM) is absolutely critical and should be carefully considered across all business relationships with solidified risk management principles.