Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Cybersecurity Readiness: What Is It and How Do You Evaluate Yours?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1746007235.png.webp?itok=fWewG2no)
Cybersecurity readiness is the ability to identify, prevent, and respond to cyber threats.
![Bitsight is a proud participant in the Microsoft Security Copilot Partner Private Preview](/sites/default/files/styles/4_3_small/public/2023/11/14/Bitsight%20is%20a%20proud%20participant%20in%20the%20Microsoft%20Security%20Copilot%20Partner%20Private%20Preview.jpg.webp?itok=eSvmgpI4)
Bitsight today announced its participation in the Microsoft Security Copilot Partner Private Preview. Bitsight was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.
![security ratings supercharge compliance](/sites/default/files/styles/4_3_small/public/2023/11/16/security%20ratings%20supercharge%20compliance_1.jpeg.webp?itok=8oy3OkDQ)
Amid a rise in regulatory pressure for cybersecurity leaders in Europe, with DORA and NIS2 as the most recent examples, cyber risk analytics emerge as an instrumental tool in ensuring compliance. Here's why.
![Shadow IT: Your Urgent Questions Answered](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_294978146_1.jpg.webp?itok=iH8hy9Yy)
Your IT department spends a great deal of time distributing security information and maintaining your organization’s internal security processes. Unfortunately, a persistent threat, deemed shadow IT, is still making its way into your organization’s network.
![Adaptive security, continuous monitoring the global landscape](/sites/default/files/styles/4_3_small/public/2022/02/18/Adaptive%20Security%2C%20Sized.jpg.webp?itok=qdf5hfaT)
What is adaptive security? Explore the benefits of this approach to cyber risk reduction and how your organization can get started.
![Newest Risk Vectors Highlight Innovation in Security Ratings](/sites/default/files/styles/4_3_small/public/2022/05/24/Newest-Risk-Vectors-Highlight-Innovation-in-Security-Ratings-min.png.webp?itok=43HnAQGw)
Within the Bitsight Security Ratings platform, we analyze risk vectors specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. Over the past few months, Bitsight has added new risk vectors to enhance the insights across the “spectrum of risk” and provide a more comprehensive picture of an organization’s security posture. These risk vectors will not be factored into our rating calculation until we update and expand the rating algorithm once every year. However, they still provide extremely valuable information to Bitsight users. As new threats emerge, Bitsight understands the important role that these threats play in the security ratings industry. This is why we continuously add to our list of risk vectors — it is critical that security ratings services are dynamic in nature and able to incorporate the identification of these risks into their service.
![third party breach](/sites/default/files/styles/4_3_small/public/2022/11/15/shutterstock_1407081185.jpg.webp?itok=H68LvNRh)
We are constantly evolving our offerings to meet customer needs and address market shifts. Read our blog to learn about our customer-first enhancements to the Bitsight for Third-Party Risk Management Platform.
![SmokeLoader Malware banner](/sites/default/files/styles/4_3_small/public/2023/09/15/SmokeLoader-Malware-banner-min.jpeg.webp?itok=ACqh3Ajo)
Bitsight dissects SmokeLoader's plugins received by an infected computer from the botnet "0020". We explore their inner workings, capabilities, and threat vectors.
![More Security Tools Hinder Response Efforts: Better Planning Pays Off](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_553264531_1.jpg.webp?itok=26a0ITwR)
The global cybersecurity market is currently worth $173 billion and expected to grow to $270 billion by 2026. Yet as organizations invest more in security technology, a new global survey by IBM Security and the Ponemon Institute suggests that security response efforts are “hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.” Of those surveyed, 74% of respondents report that their response plans are ad-hoc, applied inconsistently, or that they have no plans at all.
![socks5systemz blog hero](/sites/default/files/styles/4_3_small/public/2023/11/02/socks5systemz-blog-hero.jpg.webp?itok=sofxiH35)
Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders. Learn more.
![Busting the Myths: Is Proprietary Data the Only Data That Counts?](/sites/default/files/styles/4_3_small/public/migration/images/8.25-Blog-Thumb_1.png.webp?itok=OPCdhTFv)
In the security ratings market, some offerings claim that a staggering percentage of the data they leverage is proprietary, and downplay the value of externally sourced data. While these companies may state that (close to) 100% of their data collection on IP maps, DNS records, event data and more is proprietary, there are several reasons why this is problematic. Let’s break down the myths surrounding this issue one at a time.
![10 Frequently Asked Supplier Risk Management Questions](/sites/default/files/styles/4_3_small/public/migration/images/full-vendor-risk-management-questions-large_1.jpg.webp?itok=8qjZ5cpb)
Are you and your company at the early stages of implementing a supplier risk management program — or are you just beginning to explore the idea? Either way, there’s a lot to learn when it comes to assessing your digital supply chain vendors for cyber risk, and it may feel a little bit daunting at first. Perhaps you’re a bit afraid to ask some of the more basic questions that have you stumped.
![caiq sig questionnaires](/sites/default/files/styles/4_3_small/public/2023/02/07/caiq%20sig.jpg.webp?itok=BNLSCDke)
How is one questionnaire different from another, and how do you decide which ones to use in vendor risk assessments? We compare CAIQ vs. SIG.
![Financial Quantification of Cyber Risk](/sites/default/files/styles/4_3_small/public/2021/11/30/financial%20quantification.jpg.webp?itok=9aZiRMT1)
You've worked hard all year to prioritize your organization's resources to tackle the riskiest vulnerabilities in your cybersecurity program. But when you bring your progress to the board of directors, excited to demonstrate your success, your reports about patched network configurations, DNS configurations, botnet sinkholes, and more are met with blank stares.
![BitSight + Glass Lewis](/sites/default/files/styles/4_3_small/public/2023/09/13/Bitsight-and-Glass-Lewis.png.webp?itok=I-6CfQr9)
A strong, collaborative, and informed relationship between the Chief Information Security Officer (CISO) and the Board of Directors is essential for maintaining a robust cybersecurity program.