Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Cybersecurity is always changing, and it's up to CISOs to keep up with the times. There are plenty of blogs and newsletters offering information on new developments in data security, but not all of them are worth following.
If you’re looking for some thought leadership in the information security space, searching #cybersecurity on Twitter isn’t going to give you clear advice or direction.
The chief information officer (CIO) has traditionally owned IT security — and in recent years, cybersecurity has become a larger part of the modern CIO’s responsibility. Cybersecurity is a company-wide issue — and it’s everyone’s responsibility to manage it appropriately — but today, the CIO must act as a steward for the data and ensure that the right controls and processes are in place for data security.
A quick list of Android vulnerabilities as outlined and catalogued by CISA.
A quick list of Apple vulnerabilities as outlined and catalogued by CISA.
The payment card industry (PCI) has long been a Holy Grail target for bad actors for obvious reasons. Visa, Mastercard, and American Express account for the bulk of the consumer financial activity in the United States. Breaching them would be an unimaginable windfall for hackers--and, undoubtedly, an unmitigated disaster for the world’s economy.
We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, their evolution, and what targets are they focused on at the moment.
Hardly a day goes by without the emergence of a disturbing new trend in cyber crime or headline-grabbing hack. Hackers are getting smarter and threat vectors are constantly evolving. The escalating threat is forcing businesses to file more cyber insurance claims than ever. But are they taking the proactive steps necessary to boost their security postures and become a better underwriting risk?
A chief information security officer (CISO)'s roles and responsibilities include many hats in the realm of cybersecurity — but they are primarily responsible for translating complex business problems into effective information security controls.
Taking back control of your network in light of hackers’ growing sophistication can be time-consuming. Even well-established organizations with money to spend on solid cybersecurity programs are still falling victim to some of the new sneaky breach attempts, as seen with this year's ransomware attacks.
But as your digital infrastructure expands, understanding where cyber risk lies hidden can be challenging. In this increasingly diverse environment, your security team ends up buried in a sea of data and alerts — and may end up missing something important. They are also hopping between multiple tools and lack a complete picture of your company’s security posture.
Rather than play whack-a-mole with threats, here are three reasons you should focus on attack surface scanning to mitigate risk.
But as your digital infrastructure expands, understanding where cyber risk lies hidden can be challenging. In this increasingly diverse environment, your security team ends up buried in a sea of data and alerts — and may end up missing something important. They are also hopping between multiple tools and lack a complete picture of your company’s security posture.
Rather than play whack-a-mole with threats, here are three reasons you should focus on attack surface scanning to mitigate risk.
Bitsight and Google have collaborated to study global organizational performance across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework.
When we talk about cybersecurity events, we often discuss “the three principles of security” — which can be abbreviated as “CIA”:
Delivering medical services involves hundreds of third-party vendors. We explore the criticality of healthcare vendor risk management and how organizations can overcome common challenges.
There is a parallel universe in the cyber world known as the “Dark Web.” It’s a part of the Internet inaccessible via standard browsers or search engines, and it’s where cyber criminals share botnet kits, trade bitcoins, and recruit other hackers to carry out attacks. Over the years, the “Dark Web” has also provided an anonymous marketplace for criminals to sell information stolen from data breaches. An example is from 2015, when nearly 10GBs of data including account details and passwords for some 32 million users of Ashley Madison, were posted on the dark web.
Traditional vendor risk management methods fail to capture new and evolving risks. Learn how a better approach to VRM can benefit your organization.