Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
4 Cybersecurity Metrics To Report To The Board
There are many different metrics that a CISO or CIO collects to measure the performance and effectiveness of their cybersecurity program. But only a select number of these metrics hold enough weight to be reported to the C-suite. The security metrics and measurements that make it to the boardroom should be presented in a language the Board understands, and should speak directly to whether the organization is taking the right steps toward security.
UK Cybersecurity Strategy: 5 Things To Keep In Mind
We’ll start by saying there isn’t anything inherently different about a U.K. cybersecurity strategy compared to one in, say, the U.S. But many countries do face some specific cybersecurity strategy challenges, whether they’re regulatory or situational—and the U.K. is no exception.
Introduction To Information Risk Management In The UK
Before we go into details about managing information risk, let’s start with a working definition we can refer back to:
BitSight Expands Data Breadth in Security Ratings Platform
Bitsight is proud to announce the release of new features that provide expanded data breadth to all customers. These new innovations enable customers to better identify risks in third-party networks and in their own networks. Annotations, a new innovation in the security ratings market, allows customers to add tags to specific parts of their network asset maps, providing context so that customers can take appropriate action on new events on their own network or the network of a third party. Furthering Bitsight’s mission to provide actionable data, Patching Cadence, the newest Diligence risk vector, expands data breadth in the platform. This risk vector evaluates a company’s responsiveness in patching major vulnerabilities. Learn more about these features that are helping customers better manage and streamline their security risk management efforts:
GhostPush is an Android malware that was first discovered in September 2015. Once installed on a user’s device, it displays unsolicited advertising and installs unwanted applications. This malware is also known for rooting the user’s device and making itself very hard to uninstall.
Panama Papers: The Cybersecurity Risk Perspective
Touted as “history’s biggest data leak”—with over 2.6 terabytes of information compromised—the “Panama Papers” is one recent data breach that has drawn a great deal of press over the past few weeks. Over 11 million documents were leaked from a renowned Panamanian law firm, Mossack Fonseca, which specializes in offshore holdings. The firm claims its email server was breached, which compromised the files. The papers were obtained by a German newspaper, shared with the International Consortium of Investigative Journalists (ICIJ), and revealed over 200,000 offshore companies. It is not yet clear how many of these holdings are facilitating illegal or unlawful activity.
Analyzing 3 Major Data Breaches Of 2015
Some of the largest data breaches in history happened in 2015. Notable breaches on that list include PNI Digital Media, Anthem Insurance, and The Office Of Personnel Management. These three weren’t necessarily the top data breaches of last year in terms of size or impact, but they were important because these organizations were so highly trusted and recognized in their respective industries.
This is the final entry in a three-part series on Bitsight’s new Event Store. In the first and second posts, we described some key components of the architecture. Because of the limited number of access patterns we had to support (bulk inserts, mostly in chronological order; full scans, coarsely filtered by key range and time), we were able to implement a simple NoSQL-style database, using flat Parquet files on Amazon’s S3 as the storage layer.
How To Lower The Risk Of A Bank Data Breach
The financial services industry is a leader in many aspects of cybersecurity performance and has set the standard in areas like vendor risk management. Why? Because risk is built into their culture. Inherent in the financial services industry is how to measure and mitigate risk, and they’ve become very effective at it.
17 Major Data Breaches From 2013 To 2015
It goes without saying that the following data breaches were incredibly damaging, both to the companies and to those affected. Each has resulted in some level of data loss, financial loss, and reputational harm. Below, we’re exploring what some of the top breaches in 2015, 2014, and 2013 were and examining the commonalities and differences between them.
Analyzing Vendor Risk Tools: Vulnerability Scans, Penetration Tests & More
This is a two-part blog post. First, you'll discover 5 things to keep in mind when selecting vendor management software. In the second part, you'll read on to uncover the pros and cons of the many vendor risk management tools that organizations have available to assess third-party vendors.
63,000 Personal Records Compromised in UCF Data Breach
Students and faculty from the University of Central Florida (UCF) have filed a class action lawsuit alleging that the university failed to notify affected individuals of data loss resulting from a cyber attack in a timely manner.
Why Your Business Needs a Vendor Management Policy
This post was updated on September 14, 2020.
A new security vulnerability in an older version of TLS/SSL was announced this week and has been named “DROWN” by its authors (Decrypting RSA with Obsolete and Weakened eNcryption). It’s estimated to affect up to 11 million servers using the TLS/SSL protocol, from websites to e-mail servers. This unique attack allows a third party who has intercepted encrypted traffic between a client and an unaffected server, such as one supporting only TLSv1.1 and TLSv1.2, to use another server that shares the same RSA public/private key pair as an oracle to decrypt the intercepted traffic. This yields a larger attack surface than would normally be exposed if the vulnerability were isolated to a single host, since it allows an adversary to perform a “cross-protocol” attack by taking advantage of servers sharing the same TLS/SSL certificates.
Top 3 Cybersecurity Metrics To Start Tracking
Creating a vendor risk management program is of utmost importance in today’s threat landscape. So if you don’t have a program in place already, you may be wondering where—and how—you should get started. One of the building blocks for any security program is the creation of actionable cybersecurity metrics. These will help you go beyond “yes” and “no” answers in your own organization (and your vendors’) and see exactly how well-prepared your company is to protect against cyberthreats.