Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.


Breach Reporting & The Need for More Transparency

Fact: due to inconsistent breach regulation and reporting standards, when a breach occurs, consumers and businesses can't assume that they will always be notified.  


Cyber security, risk and privacy hot topics at 2014 World Economic Forum

Once a year, political leaders and business executives gather in Davos, Switzerland to discuss political and economic issues of global importance at the World Economic Forum (WEF).  This meeting occurred last week, and I was pleased to...


Target Breach Investigation Shows Tangled Web of Third Party Risks

As more and more details surrounding the Target breach continue to unfold, it's becoming evident just how complicated it can be for investigators and journalists to follow the trail of evidence left behind. The latest reports suggest...


The Impact of Target’s Data Breach Throughout the Partner Ecosystem

Many of the facts surrounding the Target breach still remain unclear, even as details continue to emerge publicly. We still don’t know what the final tally of breached organizations will be, but the list keeps growing. In addition to...


Security Success is Found When Continuously Measuring the Right Things, Across Your Ecosystem

Security monitoring and measuring needs to be expanded to trusted third parties; here’s why. 

When it comes to securing sensitive data from attack, there’s certainly no lack of evidence that current tactics are falling short. This is...


Target & Neiman Marcus Are Not Alone: Malware in the Retail Sector

The past few weeks have been full of news regarding cyber attacks in the retail sector. First Target, and then Neiman Marcus. Now news outlets are reporting that three other well-known retailers may announce breaches that occurred in...


Risk 101: Using Data to Better Understand Information Security Risk

The answer to the question of how organizations can evaluate information security risk depends on how we first think about risk in cyberspace. Good security risk management is a combination of data, processes, technology, and education....


Security Ratings Uncover Decline in Security Posture of US Retailers

In light of the recent news of retailers being attacked late last year, we at BitSight looked into our security ratings (an external measure of a company’s security posture) to gain some insight into these attacks. 


Risk Universe Explores Vendor Risk Management with Mike Duffy

With increased emphasis on third party risk management coming down from regulators and executive boards alike, cyber risk in the extended enterprise is shaping up to be a hot topic in 2014.

BitSight board member Mike Duffy recently...
