Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Analyzing Utilities Sector Cybersecurity Performance](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-High-voltage-Power-Lines-Ele-283705351_1.jpg.webp?itok=GT8Rcaqe)
With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?
![ground view of tall skyscrapers on a clear day](/sites/default/files/styles/4_3_small/public/2023/09/19/samson-ZGjbiukp_-A-unsplash.jpg.webp?itok=u38tUe16)
Failing to update your software doesn’t just mean you’re missing out on the latest version—it means you could expose your organization to major security vulnerabilities, like the widespread Apache Log4j2 vulnerability.
![Managing Security Risk in Mergers & Acquisitions](/sites/default/files/styles/4_3_small/public/2022/06/03/MA_Blog_Post_Statistical_Analysis_1.jpg.webp?itok=9UDVRI5e)
Every year, companies spend billions of dollars on mergers and acquisitions. (The value of worldwide M&A deals in 2014 totaled $3.5 trillion.) Managing risk throughout the process is an important element of any merger, but there's one area of risk management that hasn't had the attention it deserves.
![4 Common Retail Security Threats (and How to Stop Them)](/sites/default/files/styles/4_3_small/public/migration/images/2.%2520retail%2520gift%2520card_1.jpg.webp?itok=gl24d1uS)
The retail industry has always been a favorite target of cyber criminals. We all remember major data breaches like those that affected Target, TJX, and Home Depot — but the truth is that retail security threats have been a daily concern of retailers for a long time.
![healthcare vendor risk management](/sites/default/files/styles/4_3_small/public/2023/02/07/healthcare%20vendor%20risk%20management.jpg.webp?itok=M4OX6k1V)
Delivering medical services involves hundreds of third-party vendors. We explore the criticality of healthcare vendor risk management and how organizations can overcome common challenges.
![BitSight EXCHANGE Sound Bites: Closing the Cyber Risk Gap](/sites/default/files/styles/4_3_small/public/migration/images/venky-exchange_1.jpg.webp?itok=4HUmjXAU)
In the months since Bitsight’s inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together security executives from all over to discuss the challenges they face in their roles every day.
![CISO Education Requirements: Degrees, Training Courses, and Certifications](/sites/default/files/styles/4_3_small/public/2022/06/08/AdobeStock_232968888_1.jpg.webp?itok=BinrDNl-)
About 25 years ago, the evolution of the overall digital ecosystem necessitated the creation of the first CISO role. Now, 61% of companies have a CISO.
![Top 5 Trends in Telecom Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/top-5-trends-in-telecom-risk-management_2.jpeg.webp?itok=PnmzbAZA)
As regulations shift and providers enter new markets, the telecom industry is changing rapidly. In preparation for these changes, telecom risk management professionals must become aware of new risks on the horizon. Privacy and net neutrality laws, new kinds of cyber threats, reputational dangers, and other factors are all poised to affect telecom companies deeply in 2019.
![Cyber Security Assessment Tools and Platforms | BitSight](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity_Risk_Assessment_Tools_You_Can_Use_Year_Round_2.jpeg.webp?itok=YMKy2vZ9)
When it comes to improving cybersecurity at your organization, there are some fixes that you can undertake with very little preparation. More robust remediation efforts, however, usually start with a cybersecurity risk assessment.
![Cybersecurity Visualization Techniques to Gain Executive Buy-In](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity_Visualization_Techniques_to_Gain_Executive_Buy-In_1.jpeg.webp?itok=JekwsjGJ)
CISOs and other security leaders need buy-in from the Board and executive team in order to run effective cybersecurity programs. This requires communicating data about threats and cybersecurity performance in ways that are easy to understand. As a result, cybersecurity visualization is becoming more important than ever. In a field that's as interesting and exciting — and comes with such high stakes — as cybersecurity, you can’t allow knowledge gaps and technical complexity to obscure your message. With high-profile data breaches on everyone’s minds, the Board is becoming more and more involved in cybersecurity decisions. In fact, 45% of board members say they actively participate in setting the security budget at their company. For CISOs, getting the sign-off on necessary IT projects, purchases, and partnerships often involves making impactful arguments to Board members who might not have IT backgrounds. So, what cybersecurity visualization techniques can you use to gain executive buy-in?
![Do You Have What it Takes to Achieve Digital Resilience?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1709609737.jpg.webp?itok=wbHtLeTI)
The term “digital resilience” has gained momentum over the past few years as cybersecurity threats have grown, but what does it really mean? And how can a company become digitally resilient?
![getting started with enterprise risk management software](/sites/default/files/styles/4_3_small/public/2023/06/08/getting-started-with-enterprise-risk-management-software.jpg.webp?itok=IKebtA5X)
Enterprise risk management software helps businesses monitor, manage, and mitigate many types of risk. However, procuring and implementing ERM software requires a significant investment, and choosing the solutions that are right for your business is a perennial challenge for risk management professionals.
![Cybersecurity risk taxonomy, image of four cybersecurity professionals, two individuals on cell phones](/sites/default/files/styles/4_3_small/public/2021/12/20/Cybersecurity%20Risk%20Taxonomy%20Sized_0.jpg.webp?itok=4o1QaFz3)
What is a cybersecurity risk taxonomy and how can you use it to guide your organization’s security program and investments?
![How the Internet of Things Affects Your Corporate Network](/sites/default/files/styles/4_3_small/public/migration/images/Internet_of_Things_1.jpg.webp?itok=mWjp5yYf)
Almost every day there seems to be another story about the “Internet of Things" (IoT). More and more “things” are being equipped to send and receive information over the internet. It might be fun to have your running shoes connecting to the cloud, but what does it mean, if anything, to your corporate network?
![How Objectivity, Standardization & Context Reduce Cyber Risk](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Businessmen-Tab-On-Tablet-Touc-289962532_1.jpg.webp?itok=mOZUiItI)
There are numerous areas of business and enterprise risk that have been measured for years in a standardized fashion — these include financial risk, market risk, operational risk, legal risk, and even IT risk.