Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![OFAC sanctions vendor risk management](/sites/default/files/styles/4_3_small/public/2023/01/04/OFAC-sanctions-vendor-risk-management.jpg.webp?itok=1q_CK2jx)
Are you aware of the risks involved in doing business with parties sanctioned by the Office of Foreign Assets Control (OFAC)?
![Analyzing The CIO's Roles & Responsibilities Regarding Cybersecurity](/sites/default/files/styles/4_3_small/public/migration/images/cio_thumbnail_1.jpg.webp?itok=4UdgxuNv)
The chief information officer (CIO) has traditionally owned IT security — and in recent years, cybersecurity has become a larger part of the modern CIO’s responsibility. Cybersecurity is a company-wide issue — and it’s everyone’s responsibility to manage it appropriately — but today, the CIO must act as a steward for the data and ensure that the right controls and processes are in place for data security.
![supply chain risk management](/sites/default/files/styles/4_3_small/public/2022/08/16/supply%20chain%20risk%20management-min.jpg.webp?itok=YCWeqDTv)
Traditional supply chain risk management strategies are becoming increasingly unsound amid the rise of unorthodox threats. These evolving supply chain risks require organizations to not only rethink supply chain risk but to act accordingly. Every organization should form a cyber supply chain risk management strategy for the modern era.
![password security world password day](/sites/default/files/styles/4_3_small/public/2023/05/03/network-security-system-perforated-paper-padlock.jpg.webp?itok=6wfixP92)
Passwords are only as strong as we make them. Explore the findings of our research around password usage and get the top tips on password security.
![Vulnerabilities and Exploits From CISA](/sites/default/files/styles/4_3_small/public/2022/09/12/Vulnerabilities%20and%20Exploits.png.webp?itok=Cm6umxOr)
A quick list of Android vulnerabilities as outlined and catalogued by CISA.
![The 5 Pillars Of Cybersecurity In Financial Services](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-The-5-Pillars-Of-Cybersecurity-In-Financial-Services_2.jpg.webp?itok=u9yfQwMl)
Financial services is a wide industry, encompassing banks, insurance companies, investment firms, analysts, consultants, and many more. We’ve found financial services to be one of the best performing sectors in terms of cybersecurity. We’ve been able to pinpoint a handful of basic facts, ideas, and principles that make the financial sector so successful at cybersecurity, and we’ve outlined those “pillars” below. Take a look!
![Vulnerabilities and Exploits From CISA](/sites/default/files/styles/4_3_small/public/2022/09/12/Vulnerabilities%20and%20Exploits.png.webp?itok=Cm6umxOr)
A quick list of Apple vulnerabilities as outlined and catalogued by CISA.
![Are Your Payment Card Vendors Maintaining PCI Security Standards?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_123621112_1.jpg.webp?itok=YnquhAUp)
The payment card industry (PCI) has long been a Holy Grail target for bad actors, for obvious reasons. Visa, Mastercard, and American Express account for the bulk of consumer financial activity in the United States. Breaching them would be an unimaginable windfall for hackers and, undoubtedly, an unmitigated disaster for the world’s economy.
![CIDR, ICANN, RIR](/sites/default/files/styles/4_3_small/public/2022/08/03/Internet%20Registry%20Sized.jpg.webp?itok=5i8sVBvt)
The process of removing an association with a CIDR range can be time consuming and frustrating; in light of this, Bitsight has created a program to facilitate and simplify the process.
![SLP Denial of Service Amplification - Attacks are ongoing and rising](/sites/default/files/styles/4_3_small/public/2023/12/15/SLP%20Denial%20of%20Service%20Amplification%20-%20Attacks%20are%20ongoing%20and%20rising.jpg.webp?itok=vumMqV7w)
We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, how those attacks have evolved, and which targets they are focused on at the moment.
![As Cyber Insurance Claims Soar, Businesses Need to Demonstrate a Standard of Care](/sites/default/files/styles/4_3_small/public/migration/images/913%2520Blog_1.jpg.webp?itok=ArOQNWUr)
Hardly a day goes by without the emergence of a disturbing new trend in cyber crime or headline-grabbing hack. Hackers are getting smarter and threat vectors are constantly evolving. The escalating threat is forcing businesses to file more cyber insurance claims than ever. But are they taking the proactive steps necessary to boost their security postures and become a better underwriting risk?
![3 Critical CISO Roles and Responsibilities](/sites/default/files/styles/4_3_small/public/migration/images/Thumb_-_3_Critical_CISO_Roles_And_Responsibilities_1.jpg.webp?itok=iTpv-8fM)
The roles and responsibilities of a chief information security officer (CISO) span many hats in the realm of cybersecurity, but the CISO is primarily responsible for translating complex business problems into effective information security controls.
![cybersecurity scanning](/sites/default/files/styles/4_3_small/public/2021/11/18/cybersecurity%20scanning.jpg.webp?itok=36Ri2W50)
Taking back control of your network in light of hackers’ growing sophistication can be time-consuming. Even well-established organizations with money to spend on solid cybersecurity programs are still falling victim to some of the new sneaky breach attempts, as seen with this year's ransomware attacks.
But as your digital infrastructure expands, understanding where cyber risk lies hidden can be challenging. In this increasingly diverse environment, your security team ends up buried in a sea of data and alerts — and may end up missing something important. They are also hopping between multiple tools and lack a complete picture of your company’s security posture.
Rather than play whack-a-mole with threats, here are three reasons you should focus on attack surface scanning to mitigate risk.
![Google Bitsight Blog thumbnail](/sites/default/files/styles/4_3_small/public/2023/12/12/Google_Bitsight_Blog_thumbnail.png.webp?itok=7BclTBqI)
Bitsight and Google have collaborated to study global organizational performance across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework.
![3 Attack Vectors That Lead to Cybersecurity Breaches](/sites/default/files/styles/4_3_small/public/migration/images/3_Attack_Vectors_That_Lead_To_Cybersecurity_Breaches_-_thumb_1.jpg.webp?itok=MvnqRL5T)
When we talk about cybersecurity events, we often discuss “the three principles of security” — which can be abbreviated as “CIA”: