Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![4 Important Vendor Risk Management Principles For Security Managers](/sites/default/files/styles/4_3_small/public/migration/images/The_4_Most_Important_Vendor_Risk_Management_Principles_For_Security_Managers_-_thumb_1.jpg.webp?itok=nTtpNWf5)
Organizations today aren’t single entities—they are interconnected networks of third parties. And while third party relations are critical for success in most businesses, they also leave data more vulnerable to exposure from bad actors. Because of this, vendor risk management (VRM) is becoming an even more important business practice.
![Breaking Down 3 Of The Latest Cybersecurity Breaches](/sites/default/files/styles/4_3_small/public/migration/images/Breaking_Down_3_Of_The_Latest_Cybersecurity_Breaches_-_thumb_1.jpg.webp?itok=CcDYFWW8)
Even with every safeguard in place, it’s simply impossible to avoid all cybersecurity breaches. That being said, there are things you can do to lower the chance of a catastrophic one happening in your organization. By looking at a few recent attack vectors and what can be done to mitigate the risks these companies weren’t prepared for, you can help make sure your organization is prepared for a possible cybersecurity breach.
![Why Cyber Insurance Providers Need Security Ratings](/sites/default/files/styles/4_3_small/public/migration/images/Why_Cyber_Insurance_Providers_Need_Security_Ratings_-_thumb_1.jpg.webp?itok=OEvdPhI7)
While cybersecurity insurance is a relatively new line of service in the industry (it’s only been around for the last 10-15 years), it is currently the fastest-growing form of insurance. And it’s no wonder—today, a data breach at a large company could cost hundreds of millions of dollars. Spurred on by recent increases in breach activity that have resulted in direct consequences and major costs to companies in every industry, more and more organizations are looking to transfer some cyber risk to insurance companies.
What does cyb
![How Different Industries Have Fared In Data Breach Prevention](/sites/default/files/styles/4_3_small/public/migration/images/How_Different_Industries_Have_Fared_In_Data_Breach_Prevention_-_thumb_1.jpg.webp?itok=rO5MIunn)
PwC recently published The Global State of Information Security Survey 2016, which highlights security trends in a number of industries and key themes across all industries.
![Brexit and Cybersecurity: Anger Is an Energy](/sites/default/files/styles/4_3_small/public/migration/images/brexit-stock-thumb_1.jpg.webp?itok=ayc7kfDU)
Right now, the UK is in political turmoil, which makes any long-term cyber security predictions difficult. But it is possible to make statements about cybersecurity in the short term.
![How CISOs Should Establish A Vendor Management Process](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-How_CISOs_Should_Establish_A_Vendor_Management_Process_1.jpg.webp?itok=Exb7SgkX)
Vendor management spans a wide variety of topics: from contracts, to metrics, to relationships, and beyond. But one of the most critical aspects of vendor management—particularly for a CISO—is how to manage the risk your vendors bring to the table.
![Infection counters & measurement techniques](/sites/default/files/styles/4_3_small/public/migration/images/6anubisblogthumb_1.png.webp?itok=Y-8l5ML5)
In June 2016, we observed an all-time high in the number of infections worldwide, breaking the previous record and raising the number of unique active observed IPs to 20,579,894 measured over a 7-day time window.
The importance—and urgency—of cybersecurity measures have become increasingly visible in recent years. Yearly industry reports from the likes of Verizon, Trustwave, and PwC all express the importance of cybersecurity measures and the costly consequences of cyberattacks. No company wants to become another data breach statistic—but some decision-makers still may not understand the urgency of cybersecurity protection.
![The Problem with Modern Supply Chains](/sites/default/files/styles/4_3_small/public/2022/08/16/The%20Problem%20with%20Modern%20Supply%20Chains-min.jpg.webp?itok=XWzQNAuO)
Surveys highlighting third-party security and supply chain risk management best practices are conducted regularly. Many of them draw a similar conclusion: that supply chain risk management is a critical issue IT professionals are aware of, but the awareness isn’t necessarily leading to actionable (or effective) programs and policies.
![File Sharing & Email Security Across The Globe](/sites/default/files/styles/4_3_small/public/migration/images/digitalglobe-stock-thumb_1.jpg.webp?itok=nmEQyvmw)
Despite all the complex cybersecurity threats facing organizations around the globe, employee behavior often leads to security compromise. In a recent Experian survey, 66% of data protection and privacy training professionals say employees at their organizations are the weakest security link. Yet beyond training and educating employees, there are policies and controls organizations can implement to further reduce risk. By eliminating illicit peer-to-peer file sharing and properly configuring email security protocols, organizations can diminish the likelihood that employees will inadvertently introduce malware into company networks.
Anubis Networks began monitoring Necurs, a malware family known for its rootkit capabilities, in August 2015. Since then we have been able to observe approximately 50.000 unique IP addresses connecting to our sinkhole over a 24-hour time period. However, we recently discovered that we were only seeing a small part of the whole botnet.
![4 Crucial Cyber Risk Management Steps Your Company Should Take Right Now](/sites/default/files/styles/4_3_small/public/migration/images/thumb_proactive_cyberrisk_mgmg_1.jpg.webp?itok=vKo2Dgxh)
According to Merriam-Webster, proactivity is defined as “controlling a situation by making things happen or by preparing for possible future problems.”
Its antonym, reac
![2015 Percentage of p2p downloads with malware](/sites/default/files/styles/4_3_small/public/2022/08/26/2015%20Percentage%20of%20p2p%20downloads%20with%20malware.png.webp?itok=e3snGu7Y)
Bitsight is proud to announce the release of our latest research report, “Bitsight Insights Global View: Revealing Security Metrics Across Major World Economies”. This report looks at the Security Ratings of a random sample of 250 companies from the United States, the United Kingdom, Singapore, Germany, China and Brazil from May 1, 2015 to May 1, 2016. Security and risk professionals can use the findings of this report to better understand the potential cyber risks of doing business in foreign countries.
![Do Investors Care About Cybersecurity?](/sites/default/files/styles/4_3_small/public/migration/images/investor-stock-thumb_1.png.webp?itok=He9oNqvM)
Given the financial, reputational, and legal harm that can arise from cyber breaches, corporate shareholders and investors are increasingly concerned about the cybersecurity of the companies in their investment portfolio. How will investors begin to engage with companies on this issue?
![The Top Cybersecurity Threats Of 2016: An Overview For Board Meetings](/sites/default/files/styles/4_3_small/public/migration/images/Thumb_-The_Top_Cybersecurity_Threats_Of_2016_An_Overview_For_Board_Meetings_1.jpg.webp?itok=V-Xcuq6W)
Boards today have a vested interest in the cybersecurity posture of their companies. Because of this, board members are increasingly interested in being briefed on top cybersecurity threats and understanding the countermeasures that should be taken to avoid them.