BITSIGHT SECURITY RATINGS BLOG

Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.

Filter by Topic

Filter by Date

Nobelium Attack Highlights Risk of Exposed Credentials

Microsoft recently announced that the threat actor Nobelium continues to target government agencies, think tanks, consultants, and non-government organizations with cyber attacks. 

READ MORE »

What’s Most Notable in Biden’s Cybersecurity Executive Order?

In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 8, 2021.

Overall, the EO starts to fill in some critical gaps in US government...

READ MORE »

A response to Security Ratings - Love, Loathe or Live With Them

A week ago (which seems like a world ago given everything that’s happened with SolarWinds) Phil Venables -- formerly CISO of Goldman Sachs and now CISO of Google Cloud -- posted an interesting expose on security ratings this week. Phil...

READ MORE »

U.S. Election Security, Part 1: Voting Systems Vendors’ Cybersecurity is Improving

Significant concerns have been raised about the security of the 2020 United States election. Hundreds of millions of dollars in Federal funding has been made available to state and local governments to improve the security of election...

READ MORE »

New Study Reveals Cybersecurity Risks in the World’s Largest Airports

Back in 1990, Hollywood producers imagined a complex plot in which an army of mercenaries with malicious intent hack into and take over the air traffic control system at Washington Dulles International Airport. The result was the...

READ MORE »

The DoD’s Cybersecurity Maturity Model Certification Draws a Line in the Sand for Third Party Risk

Federal technology contractors hold the keys to our nation’s security in their networks, servers, and databases. Yet, recent incidents point to worrisome vulnerabilities that indicate increased cyber risk to defense contractors and the...

READ MORE »

From Framework to Application: Security Ratings and NIST

This is the introductory post in a series exploring how security ratings can address key aspects of the National Institutes of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity. The purpose...

READ MORE »

Security Performance in the Utilities Sector: Steps for Progress

For years, it has been widely-known that the Utilities industry has struggled with cyber security in relation to other industries. In 2014, Unisys and the Ponemon Institute found that 70% of Utility companies surveyed around the world...

READ MORE »

2015 Information Security Predictions Round-up

It's the time of year that every media outlet talks about predictions and resolutions. We've compiled a list of the most interesting and/or relevant information security predictions for 2015 and added a few of our own, courtesy of...

READ MORE »
Load More

Subscribe to get security news and updates in your inbox.