Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
The 5 Mistakes You May Be Making With Your IT Risk Management
In business and in life, safety is always made a priority. From simple day-to-day tasks like wearing a seatbelt, to important business security decisions, prioritizing our safety and the safety of our families and valuable information is of utmost importance. But this process isn’t always easy. It seems like there are new security threats, from computer hackers and otherwise, that force us to find new ways to protect ourselves on a near-constant basis.
From Weight Loss to Security Performance: Indicators of Healthy Habits
When I was a young pup studying statistics, I remember reading about a study on weight loss that found three factors correlated with weight loss: weighing yourself daily, eating a good breakfast and having access to workout equipment at home. While none of these cause weight loss directly, together they indicate a passion for and dedication to a healthy lifestyle. Connections like this, where subtle observations can lead to a larger understanding, have always been an interest for me and have driven me forward in my career.
Vendor Risk: 1 Issue That's Too Critical To Overlook
If your organization outsources to vendors, you are probably involved in a lot of due diligence. You may be looking at and verifying credit checks, getting background reports, monitoring legal standings and litigation, ensuring that third parties pay their bills and don’t employ criminals, and more.
From Framework to Application: Identify With BitSight
This is the second post in a series exploring how Security Ratings can address key components of the NIST cybersecurity guidelines. You can read the first post here.
Supply Chain Risk Management: 4 Ways To Address Your Cyber Risk
Handling cyber risk in your organization’s supply chain isn’t easy. This aspect of Supply Chain Risk Management is a complex problem that even highly sophisticated organizations—like the Department of Defense—struggle to address.
BitSight Series B Funding: Furthering Our Mission
Today, Bitsight is excited to announce that we have raised $23 million in Series B funding. The additional funding will allow Bitsight to keep hiring exceptional talent, as well as extend sales and marketing initiatives in Europe and in the Asia-Pacific region. The funding will also allow us to accelerate the development of new data analytic products and add to our extensive data resources to ensure the most accurate ratings possible. Bitsight is thrilled to have Comcast Ventures join as a new investor. We’re also thrilled that all of our current investors participated in this new round!
Managing Vendor Security Risk Between Annual Assessments
In the majority of organizations, vendor risk management is still a highly manual process, making risk assessments a labor-intensive exercise for all parties involved. This is why, at best, most vendor management programs only assess third parties on an annual basis or during contract negotiation. However, risk managers know from securing their own networks that annual assessments tell us little about how effectively an organization is responding to emerging threats or addressing new vulnerabilities. So, how are annual vendor risk assessments making us more secure?
Risk Mitigation Services in Cyber Insurance Underwriting
Last week, Bitsight co-sponsored a webinar with Advisen on the use of risk mitigation services for cyber insurance underwriting. Ira Scharf, GM of Cyber Insurance at Bitsight, joined Tracie Grella of AIG and Neeraj Sanhi of Willis Group to discuss several topics in this emerging field. Here are some of the highlights:
How Quickly are you Detecting Network Intrusions?
Recent breaches making headlines all share a troubling characteristic. In each breach detailed below, the intrusions of company networks lasted months - or in other cases, even longer than a year. While no company is impervious to a breach, one thing organizations can control is how quickly they respond to security incidents. The longer compromises remain neglected and unresolved, the more likely that a large-scale breach will occur, resulting in significant data loss.
Q&A with Stephen Boyer, BitSight's CTO and Cofounder
I received the following questions from an inquisitive undergraduate student eager to learn more about Bitsight and security ratings. He posed excellent and insightful questions, and I thought that I would share our exchange in case others might want to ask the same questions. Thanks, Nick!
BitSight Achieves "Cool Vendor" Status in Gartner Report
The last few weeks have been a whirlwind of activities here at Bitsight! Between attending and speaking at RSA, participating in the latest Verizon DBIR report, preparing for our session at FS-ISAC, announcing our new partnership with AIG, and being featured as a vendor risk management solution in the Wall Street Journal, we were happy to see the second quarter off to such an exciting start. And then we got even more good news!
Best Practices for implementing vendor security ratings
Recently we discussed three benefits for vendors related to their security rating, as we are asked about this often. We are also asked for best practices when communicating with your vendors about their security rating. We have many customers with experience incorporating Bitsight Security Ratings into their vendor risk management program, and the lessons they have learned along the way are too valuable not to share. There are several different approaches that can be leveraged; here are the 3 most common:
Why You Should Assess Your Vendor's Security Performance Frequently
Third-party breaches still account for a large percentage of security incidents. In fact, according to this year's Verizon DBIR report, in 70% of attacks where there was a known motive, a secondary victim was involved. These victims could be vendors, business partners, or vital pieces in supply chains. While the common phrase that “you are only as strong as your weakest link” has been used ad nauseam, it certainly rings true. The following are just some of the reasons why continuously monitoring the security of third parties is crucial:
3 Ways Your Vendors will Benefit from Knowing their Security Rating
The idea of telling a vendor or potential vendor that you've rated their security performance can be a little daunting. If someone has never heard of a Bitsight Security Rating, being told that another company has been monitoring their security effectiveness, without them knowing, can sound a little "big brother-ish" and raise lots of questions about privacy and legality. Though our methods are unobtrusive and based on the same outside-in model of credit ratings, we provide many materials to our customers to help them deal with these types of situations.
RSA 2015: Emerging Trends in Infosec
Last week San Francisco became the information security capital of the world for the 2015 RSA Conference. Around 30,000 attendees, mostly security professionals and vendors, descended on the Moscone Center for a week of discussion about the industry and new technologies. With literally too many talks for one person to attend, it’s hard to build a session schedule. Yet, as with any industry conference, there are key themes that arise in sessions, conversations, and the show floor. As a first-time attendee who tried to make the most of my first RSA Conference, here are my three key observations on the industry: