Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Bitsight's latest blog digs into CISA's Known Exploited Vulnerabilities (KEV) Catalog: how KEVs, which flag vulnerabilities confirmed to be under active exploitation, are being tracked and remediated across industries, why closing them quickly matters, and what that means for organizational security.
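The practical step behind "tracking and mitigating" KEVs is joining the catalog against your own asset inventory and working the list by CISA's due date. The following is an added example, not Bitsight's code or CISA's tooling: it reads a feed in the shape of the public KEV JSON (the live file is at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), matches it against a constructed inventory, and ranks hits by how far past the due date they are. The sample records use real CVE IDs but illustrative dates, the inventory host names are made up, and the field names are the ones the real feed uses.

```python
"""Added example (not Bitsight's code): triage an asset/CVE inventory against
a KEV-shaped feed and rank hits by CISA remediation due date.
The records below are a CONSTRUCTED sample in the feed's shape; dates are
illustrative, not the catalog's actual values."""
import json
from datetime import date

KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2014-0160", "vendorProject": "OpenSSL", "product": "OpenSSL",
         "vulnerabilityName": "OpenSSL Information Disclosure Vulnerability",
         "dateAdded": "2022-05-04", "dueDate": "2022-05-25",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: (asset, CVE) pairs as a scanner would report them.
INVENTORY = [
    ("web-01", "CVE-2021-44228"),
    ("vpn-gw", "cve-2014-0160"),   # case differs on purpose; matching normalises it
    ("lb-02", "CVE-2014-3566"),    # POODLE: not in the sample feed, so no hit
]


def load_kev(feed_text):
    """Index a KEV-shaped feed by CVE ID, failing loudly on a malformed dueDate."""
    feed = json.loads(feed_text)
    kev = {}
    for rec in feed["vulnerabilities"]:
        date.fromisoformat(rec["dueDate"])
        kev[rec["cveID"].upper()] = rec
    return kev


def triage(kev, inventory, today):
    """Return inventory entries present in KEV, most urgent first.
    'today' may be a date or an ISO string; days_overdue < 0 means the
    due date has not passed yet."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    hits = []
    for asset, cve in inventory:
        rec = kev.get(cve.upper())
        if rec is None:
            continue
        due = date.fromisoformat(rec["dueDate"])
        hits.append({
            "asset": asset,
            "cve": rec["cveID"],
            "product": f"{rec['vendorProject']} {rec['product']}",
            "due": rec["dueDate"],
            "days_overdue": (today - due).days,
            "ransomware": rec.get("knownRansomwareCampaignUse") == "Known",
        })
    # Longest overdue first; known ransomware use breaks ties.
    hits.sort(key=lambda h: (-h["days_overdue"], not h["ransomware"]))
    return hits


def overdue(hits):
    """The subset that has blown its KEV due date: the 'fix now' list."""
    return [h for h in hits if h["days_overdue"] > 0]


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE)
    for h in triage(kev, INVENTORY, "2022-06-01"):
        flag = "OVERDUE" if h["days_overdue"] > 0 else "due"
        print(f"{h['asset']:8} {h['cve']:16} {h['product']:16} "
              f"{flag} {h['due']} ({h['days_overdue']:+d} d)")
```

Against a real feed, swap `KEV_SAMPLE` for the downloaded JSON and `INVENTORY` for your scanner export; the `dueDate` field is what makes KEV different from a plain CVE list, so the ranking keys on it rather than on CVSS.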
![Why Historical Security Data Matters in Vendor Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/stockindex-stock-big_2.jpg.webp?itok=RMG5yXR1)
In today’s cyber threat landscape, organizations must know how secure they are at any given time. One of the most important questions that security professionals and risk managers can ask is “how secure am I right now?”
![Beyond Heartbleed, POODLE & FREAK: SSL Vulnerabilities Persist](/sites/default/files/styles/4_3_small/public/migration/images/ssl-stock-big_1.jpg.webp?itok=RnwUr0w8)
Bitsight’s Third Annual Bitsight Insights Industry Benchmarking Report looked at some of the major SSL/TLS vulnerabilities affecting organizations: Heartbleed (an OpenSSL implementation bug), POODLE (a weakness in the SSLv3 protocol itself) and FREAK (a downgrade to export-grade RSA cipher suites). Bitsight’s analysis found that a sizeable number of companies across all industries were still running services vulnerable to these flaws. As mentioned in our report, businesses can use this information to check that proper controls are in place internally. They can also gain insight into how well their key third-party vendors are doing at not running vulnerable services.
![OT/IT Convergence: Why Vendor Risk Matters to Energy and Utilities](/sites/default/files/styles/4_3_small/public/migration/images/OTIT-stock-thumb_1.jpg.webp?itok=JxP5mRXu)
Bitsight’s Third Annual Bitsight Insights Industry Benchmark Report: Are Energy and Utilities at Risk of a Major Breach? discussed the growing convergence of operational technology (OT) and information technology (IT). In short, the issue is operational technology becoming internet-enabled. These systems, which include generation, transmission, smart grid systems, meter reading and more, are increasingly being brought online to enable a smarter grid.
![3 Ways Industry Benchmarking Data Can Be Used in VRM Programs](/sites/default/files/styles/4_3_small/public/migration/images/file-2117911139_2.jpg.webp?itok=jPx8kXOf)
Assessing the security performance of your vendors and third parties is crucial considering the amount of access to sensitive information we grant to these partners. However, for those assessments to be effective, and for you to actually know what the results mean, you need to know what performance trends you should be looking for and to be able to contrast and compare the results. This is where benchmarking comes in.
![New SEC Exams Emphasize Vendor Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/marketchart-stock-thumb_1.jpg.webp?itok=zI_ZZwM3)
Last week, the SEC issued a Risk Alert, announcing that they will continue to assess cybersecurity risk and preparedness among brokers/dealers, investment advisors, and other financial institutions. The release details several focus areas for these exams. Here are a few highlights:
![BitSight Insights: Are Energy and Utilities At Risk of a Major Breach?](/sites/default/files/styles/4_3_small/public/migration/images/energgrid-stock-thumb_1.jpg.webp?itok=nWXDByZo)
Today Bitsight published our third annual industry benchmarking report: Are Energy and Utilities At Risk of a Major Breach? This report illustrates the latest security performance of the Finance, Federal Government, Retail, Energy and Utilities, Healthcare, and Education industries. All of these industries hold sensitive data, and as a result they are targets for hackers. As we do for all of our Bitsight Insights, let’s dive into how each sector performed.
![Expect The Unexpected: Which Non-Obvious Vendors Have Access To Your Data?](/sites/default/files/styles/4_3_small/public/migration/images/thumb_nonobvious_1.jpg.webp?itok=m1VH0Nvg)
There are obvious and non-obvious vendors, third parties, and contractors that have access to your data or your corporate network. The obvious ones are organizations that provide IT or technology services to you. Naturally, these vendors have access to your data, because you’ve granted it!
![From Framework to Application: Protect with BitSight](/sites/default/files/styles/4_3_small/public/migration/images/digitalshield-stock-thumb_1.jpg.webp?itok=THSPSvTb)
This is the third post in a series exploring how Security Ratings can address key components of the NIST cybersecurity guidelines. You can read the first post here and the second post here.
![Why Vendor Management Best Practices Should Be A Little More Risky](/sites/default/files/styles/4_3_small/public/migration/images/Thumb_ven_manage_best_practice_1.jpg.webp?itok=pijMximB)
Prioritizing vendors based on risk is considered a vendor risk management best practice. But how do you do this? To start, let’s look at a commonly referred-to equation:
![Third-Party Risk Management Insights: 2015 Gartner Security & Risk Summit](/sites/default/files/styles/4_3_small/public/migration/images/cta-banner-bg_34.png.webp?itok=ArzrhB3E)
Last month, the Office of Personnel Management revealed the true extent of its mega data breach: 21.4 million Americans. This means that around 7% of all Americans are affected by this breach. Lawmakers are beginning to debate how the federal government can implement twenty-first century policies to counter growing cyber threats. A recent study from the US GAO noted a 32.5% increase in cyber incidents at federal agencies from 2012 to 2013. As lawmakers begin to look internally at policies and processes to combat these threats, it is important that they also look externally. Primarily this means taking note of third-party risks and emulating models of success found in other industries.
![How Often Should You Do A Third-Party Risk Audit With Your Vendors?](/sites/default/files/styles/4_3_small/public/migration/images/full-third-party-risk-audit_1.jpg.webp?itok=suLAJRPL)
When you think of an audit, what comes to mind? If you’re at all familiar with the traditional auditing process, I’d imagine your answer would look something like this:
![NAFCU Services Selects BitSight as a Preferred Partner](/sites/default/files/styles/4_3_small/public/migration/images/checkbook-stock-small_1.jpg.webp?itok=QNpoxWJ0)
Today, we are pleased to announce that NAFCU Services has selected Bitsight as a Preferred Partner, giving its member credit unions access to Bitsight Security Ratings. The partnership is very timely: credit unions have been increasingly targeted with cyber attacks. A recent survey found that 84.4% of credit unions were impacted by a data breach in the last two years.
![4 Industries That Should Be On Your 3rd Party Risk Management Radar](/sites/default/files/styles/4_3_small/public/migration/images/full-4-industries-third-party-risk-management_1.jpg.webp?itok=3h5PpN2u)
Your organization probably deals with handfuls (or maybe hundreds) of vendors. Whatever the case may be, having a comprehensive third-party risk management solution is the best way to protect yourself against cyber mischief.
![The Evolution of Vendor Risk in the Retail Industry](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-business-people-online-shopp-85204478_1.jpg.webp?itok=-hns-MS9)
Last week, Walmart Canada, Rite-Aid, CVS, and Sam’s Club were among the retailers to suspend their online photo operations due to a possible data breach of third-party photo service provider PNI Digital (a Staples subsidiary). This is the latest cyber incident to affect the retail industry, which has witnessed a number of high-profile breaches involving third-party vendors in recent years.
![Regulators Continue to Emphasize Third Party Cyber Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/ftc-stock-thumb_1.jpg.webp?itok=DM9SvuvR)
In recent months, we’ve seen a variety of regulators from Finance to Defense cite the importance of third party cyber risk management. You can now add the Federal Trade Commission to the list.