InSights Blog

Learn how to protect your organization’s “crown jewels” with these do’s and don’ts of sensitive data sharing with vendors.

What is information risk management? Learn more about how the classic equation of threat x vulnerability x consequence helps inform your cybersecurity risk management strategy.

Is there a difference between cybersecurity vs. information security? Learn more about the distinctions between the two areas, where they overlap, and how both have evolved.

The Digital Operational Resilience Act is set to go into action in early 2022. Learn how BitSight can help your organization meet the compliance requirements.

Does your organization have a cybersecurity risk remediation plan? Follow these five tips for crafting one.

Cyber risk mitigation and remediation are often talked about in the same terms. But they are different. Learn how you can optimize both.

What does your organization consider an acceptable level of inherent cyber risk in its vendor portfolio? Learn how to establish that threshold and focus resources where they’re needed most.

Learn how to use cyber risk data to protect your organization and its financial assets.

As 2021 comes to a close, we thought it might be a good idea to look back at some of our research from the year. BitSight investigated a variety of topics including ransomware, vulnerability mitigation, and RSA key generation flaws. We also studied specific vulnerabilities in Microsoft Exchange Server, Apache Server 2.4, and Apache Log4j.

Ransomware attacks are on the rise, doubling in the last year alone. But why has ransomware emerged as the weapon of choice for bad actors? The answer comes down to time and money.

What is a cybersecurity risk taxonomy and how can you use it to guide your organization’s security program and investments?

Cybersecurity is a priority for any organization and a big-ticket budget line item. But before investments in security are made, your organization must understand what it is doing right and where improvements to your cybersecurity program are needed.

Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.

A critical vulnerability that allows for unauthenticated remote code execution has been discovered in Apache Log4j 2, an open source Java logging tool. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228.

“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.

Five of the most critical vendor evaluation tools that you should have in your cybersecurity risk management toolkit.

You can’t reduce the cyber risks faced by your organization if you don’t know what you’re up against. That’s the purpose of a vulnerability probe.