Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![4 Common Retail Security Threats (and How to Stop Them)](/sites/default/files/styles/4_3_small/public/migration/images/2.%2520retail%2520gift%2520card_1.jpg.webp?itok=gl24d1uS)
The retail industry has always been a favorite target of cyber criminals. We all remember major data breaches like those that affected Target, TJX, and Home Depot — but the truth is that retail security threats have been a daily concern of retailers for a long time.
![5 Crucial Strategies for Improving Retail Network Security](/sites/default/files/styles/4_3_small/public/migration/images/6.%2520retail%2520security_1.jpg.webp?itok=4qmAQgNY)
The retail sector has proven that when top minds put their heads together, they can make real headway against pernicious cyber threats. Case in point: the industry-wide adoption of EMV chip cards has played a role in reducing point-of-sale malware attacks by 93% since 2014.
![Ticketmaster Breach Highlights Retailers' Dependence on Multitude of Service Providers](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-credit-card-data-security-83131502_1.jpg.webp?itok=j8E4oMdf)
Early last month, it was disclosed that Ticketmaster suffered a data breach through a third party service provider as part of a payment card hacking campaign; Ticketmaster was just one of hundreds of victims. The threat actor, Magecart, compromised over 800 e-commerce sites by secretly installing digital card-skimming software on third-party components and services used by these retailers.
![The Evolution of Vendor Risk in the Retail Industry](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-business-people-online-shopp-85204478_1.jpg.webp?itok=-hns-MS9)
Last week, Walmart Canada, Rite-Aid, CVS, and Sam’s Club were among the retailers to suspend their online photo operations due to a possible data breach of third-party photo service provider PNI Digital (a Staples subsidiary). This is the latest cyber incident to affect the retail industry, which has witnessed a number of high-profile breaches involving third-party vendors in recent years.
![Months After Target Breach, Retailers Still Leaving Data at Risk](/sites/default/files/styles/4_3_small/public/migration/images/Retail_Nov-July_1.png.webp?itok=5UBP60CW)
On July 21, 2014, Brian Krebs (once again) broke the news of a potentially major retail breach. Goodwill Industries and its 165 independent agencies across North America appear to be the most recent victims in the seemingly plagued retail industry.
Unfortunately, something ugly has tarnished the canvases of the artists and crafters who used their debit or credit cards to shop at Michaels from May 8, 2013 to January 24, 2014. In late January 2014, Michaels announced that it was investigating a potential security breach involving customers’ credit card information. After weeks of analysis, Michaels finally confirmed yesterday that a targeted attack did indeed occur on some of its point-of-sale systems and that approximately 2.6 million cards may have been compromised.
At Bitsight, we have observed significant botnet activity on Michaels’ network over the past year. In particular, we observed multiple instances of Conficker, a botnet that can comp
![Target Breach Investigation Shows Tangled Web of Third Party Risks](/sites/default/files/styles/4_3_small/public/migration/images/Target-Third-Party-Breach_1.png.webp?itok=nFDwXPHI)
As more and more details surrounding the Target breach continue to unfold, it's becoming evident just how complicated it can be for investigators and journalists to follow the trail of evidence left behind. The latest reports suggest that one or more business partners were used by the attackers to gain access to Target's systems. Below is a summary of top stories that provide insight into the tangled web of third-party vendors and suppliers that may have left Target vulnerable to attack, highlighting just how essential it is for organizations to be aware of their third-party risks.
![The Impact of Target’s Data Breach Throughout the Partner Ecosystem](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-The-Hamilton-Crossings-shoppin-260589403_1.jpg.webp?itok=0VLcEZmN)
Many of the facts surrounding the Target breach still remain unclear, even as details continue to emerge publicly. We still don’t know what the final tally of breached organizations will be, but the list keeps growing. In addition to who else has been breached and the impact on their customers, another factor we need to consider is how Target's business partners may be impacted. In a data breach on any retailer, card issuers, payment processors, insurers, suppliers and other parties may face substantial loss as the investigation and recovery costs ripple through these networks.
![Target & Neiman Marcus Are Not Alone: Malware in the Retail Sector](/sites/default/files/styles/4_3_small/public/migration/images/BitSight_retail_threats_1.png.webp?itok=8vA4Jt1m)
The past few weeks have been full of news regarding cyber attacks in the retail sector. First Target, and then Neiman Marcus. Now news outlets are reporting that three other well-known retailers may announce breaches that occurred in the past year.
![Security Ratings Uncover Decline in Security Posture of US Retailers](/sites/default/files/styles/4_3_small/public/migration/images/BitSight_SecurityRatings-_Retail_Sector_%25281%2529_1.png.webp?itok=JMIfNhIt)
In light of the recent news of retailers being attacked late last year, we at Bitsight looked into our security ratings (an external measure of a company’s security posture) to gain some insight into these attacks.