Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![The 5 Pillars Of Cybersecurity In Financial Services](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-The-5-Pillars-Of-Cybersecurity-In-Financial-Services_2.jpg.webp?itok=u9yfQwMl)
Financial services is a wide industry, encompassing banks, insurance companies, investment firms, analysts, consultants, and many more. We’ve found financial services to be one of the best performing sectors in terms of cybersecurity. We’ve been able to pinpoint a handful of basic facts, ideas, and principles that make the financial sector so successful at cybersecurity, and we’ve outlined those “pillars” below. Take a look!
![CISO Education Requirements: Degrees, Training Courses, and Certifications](/sites/default/files/styles/4_3_small/public/2022/06/08/AdobeStock_232968888_1.jpg.webp?itok=BinrDNl-)
About 25 years ago, the evolution of the overall digital ecosystem necessitated the creation of the first CISO role. Now, 61% of companies have a CISO.
![What the Gramm-Leach-Bliley Act Means for Financial Services Cybersecurity](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_751455550_1.jpg.webp?itok=xI-yPwH_)
For obvious reasons, the financial services industry has had the unfortunate distinction of being one of the largest high-value targets for threat actors. Research shows that financial services businesses experience 300 more cyber attacks than organizations in other industries. Many of those attacks come through third-party suppliers whose networks may not be as secure as those of the organizations they work with.
![financial services cybersecurity](/sites/default/files/styles/4_3_small/public/2021/11/14/financial%20services.jpg.webp?itok=6nD94pl3)
The financial services sector is one of the highest performing in terms of cybersecurity. One factor that contributes to this performance is regulation.
![Silicon Valley Bank Crisis - How Security and Financial Leaders Can Collaborate to Protect their Organizations](/sites/default/files/styles/4_3_small/public/2023/03/15/Silicon%20Valley%20Bank%20Crisis%20-%20How%20Security%20and%20Financial%20Leaders%20Can%20Collaborate%20to%20Protect%20their%20Organizations.png.webp?itok=1yHqkd3u)
How financial and security leaders can work together to protect their organizations in the wake of the recent crisis affecting Silicon Valley Bank (SVB).
![third party vendor risk management for financial institutions](/sites/default/files/styles/4_3_small/public/2023/03/02/third%20party%20vendor%20risk%20management%20for%20financial%20institutions%2C%20SIZED.jpg.webp?itok=4zogLtq9)
Learn how to automate and streamline the process for third-party vendor risk management at financial institutions.
![Information Security In Banking & Finance Industry: 3 Critical Vendor Risks](/sites/default/files/styles/4_3_small/public/migration/images/Information%2520Security%2520In%2520Banking%2520-%2520BitSight_1.jpg.webp?itok=TVGkWjOz)
The NCUA Board approved a proposed rule that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.
![Cybersecurity in banking, showing people using contactless banking](/sites/default/files/styles/4_3_small/public/2022/01/24/3%20Cybersecurity%20Banking%20Trends%202022%2C%20Sized.jpg.webp?itok=h3nTzMiz)
Rapidly evolving risk and the digitization of banking are creating new threats. Here are three cybersecurity in banking trends to watch this year.
![Cybersecurity for Credit Unions: 4 Ways to Reduce the Risk of the Next Attack](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1930752182.png.webp?itok=Mr1e4mxK)
Credit unions must be on high alert for cyberattacks. That’s according to a recent warning issued by the National Credit Union Administration (NCUA), which cautioned the industry about potential avenues of attack, including ransomware and supply chain attacks.
![FFIEC IT Handbook Updates: Business Continuity Is 2020 Focus](/sites/default/files/styles/4_3_small/public/migration/images/FFIEC_IT_Handbook_Updates_Business_Continuity_Is_2020_Focus_1.jpeg.webp?itok=aJm0WC0j)
In November 2019, the Federal Financial Institutions Examination Council (FFIEC) released an update to the Information Technology Examination Handbook (IT Handbook). This handbook is a guide for examiners at its member agencies, which include the FRB, FDIC, NCUA, OCC, and CFPB.
![Cloud outsourcing poses new challenges for regulators and Financial Services](/sites/default/files/styles/4_3_small/public/migration/images/Strategic%2520cloud%2520outsourcing_EMEABlog_1.jpg.webp?itok=XpAY-Ml1)
Cyber risk and regulatory compliance are two sides of the same coin in the Financial Services sector. Together, they spur Financial Services companies to take action to protect customers, their business and the global financial ecosystem from malicious cyber attacks or the risk of critical system failures.
![Financial services in Asia Pac face regulatory driven scrutiny of cyber risk management](/sites/default/files/styles/4_3_small/public/migration/images/blog_apac_financial_services_regulations_1.jpg.webp?itok=qaqYjmeb)
The evolution of the technology environment and related security threats is so fast paced it often seems businesses and regulators are playing an endless game of catch-up.
![Control and Accountability: The New Watchwords for Regulatory Compliance](/sites/default/files/styles/4_3_small/public/migration/images/control_accountability_blog_1.jpg.webp?itok=qkHuwdMy)
The regulatory environment is evolving rapidly as national and international regulatory bodies attempt to keep pace with changing business models, technology infrastructure and continuously escalating cyberthreats.
![Is Your Risk Management Program Ready for the New European Banking Authority’s Guidelines?](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Euro-Coins-Stacked-On-Each-Oth-223184503_1.jpg.webp?itok=RFOUPRap)
In June 2018, the European Banking Authority (EBA) put forth guidelines on outsourcing arrangements that highlighted the importance of risk management within financial organizations. The guidelines will be enforced later in 2019.
![The Time is Now: NYDFS Deadline Means Risk Managers Need to Focus on Third-Party Risk](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Manhattan-Skyline-At-Night-Ne-18683036_1.jpg.webp?itok=93QBhXGR)
In March 2017, the New York Department of Financial Services (NYDFS) cybersecurity regulations — known as 23 NYCRR Part 500 — went into effect. According to the regulation, “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law” is considered a covered entity and must comply.