BITSIGHT SECURITY RATINGS BLOG

Management consultants, accountants, public safety offices, marketing firms, and many more business and professional services organizations are high-value targets for cybercriminals due to the range of confidential client information they...

A new report from the Information Security Forum (ISF) contains some fascinating insights into how hackers probe and exploit people's psychological vulnerabilities to gain access to corporate systems. From phishing to "whaling" (targeting...

The old adage “it’s hard to find good help these days” has never been more true than when talking about security management. The well-documented cybersecurity shortage is very real, and the long hours and pressure experienced by those who...

In a new Forrester study commissioned by BitSight, “Better Security And Business Outcomes With Security Performance Management”, key findings implicate the strong need for businesses worldwide to invest in a robust security performance...

With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to...

When it comes to managing your organization’s cybersecurity performance, understanding the business context in which you make decisions is key. By leveraging security ratings you can understand the efficacy of your current security...

If you’ve done any research into improving network security, you’ve probably seen one suggestion repeated again and again: close your open ports.

Why is this such a common recommendation? Are open port vulnerabilities really a big deal?...

If you’ve glanced at the opinion columns of security industry publications, you’ve probably seen the term “risk-based” floating around, as in “the time is now for a comprehensive, risk-based approach” or “a risk-based approach to security...

Penetration tests (a.k.a. pen tests) are point-in-time assessments of cybersecurity. They allow IT and security professionals to assess the adequacy of security controls, including intrusion detection and response systems, and identify...