Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![4 Important Vendor Risk Management Principles For Security Managers](/sites/default/files/styles/4_3_small/public/migration/images/The_4_Most_Important_Vendor_Risk_Management_Principles_For_Security_Managers_-_thumb_1.jpg.webp?itok=nTtpNWf5)
Organizations today aren’t single entities—they are interconnected networks of third parties. And while third-party relationships are critical to success in most businesses, they also leave data more exposed to bad actors. Because of this, vendor risk management (VRM) is becoming an even more important business practice.
![A Vendor Risk Management Questionnaire Template](/sites/default/files/styles/4_3_small/public/migration/images/AdobeStock_79440695_1.jpeg.webp?itok=rvbYWLaf)
Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they have experienced a data breach caused by one of their vendors or third parties (up 12% since 2016).
![9 Critical Responsibilities of an IT Security Manager](/sites/default/files/styles/4_3_small/public/migration/images/9_Critical_Responsibilities_Of_The_Cybersecurity_Manager_-_thumb_1.jpg.webp?itok=_DsRh6uN)
An IT security manager’s role and responsibilities can vary, but here are 9 critical functions tasked to this individual at nearly any organization.
![Vendor Due Diligence Checklist](/sites/default/files/styles/4_3_small/public/migration/images/Vendor_Due_Diligence_Checklist_31_Steps_to_Selecting_a_Third_Party_1.jpeg.webp?itok=N05-Q8fL)
A vendor due diligence checklist to steer your procurement decision-making in 5 simple steps. First step: always collect the 7 basic business details.
![Managing Security Risk in Mergers & Acquisitions](/sites/default/files/styles/4_3_small/public/2022/06/03/MA_Blog_Post_Statistical_Analysis_1.jpg.webp?itok=9UDVRI5e)
Every year, companies spend billions of dollars on mergers and acquisitions. (The value of worldwide M&A deals in 2014 totaled $3.5 trillion.) Managing risk throughout the process is an important element of any merger, but there's one area of risk management that hasn't had the attention it deserves.
![13 Cybersecurity Training Tips For Employees (From 7 Insiders)](/sites/default/files/styles/4_3_small/public/migration/images/13%2520Cybersecurity%2520Training%2520Tips%2520For%2520Employees%2520-%2520thumb_1.jpg.webp?itok=Qdh1_b4B)
Anyone in the security space can agree that a solid cybersecurity policy goes a long way. But not everyone in your organization is a security expert. In fact, many employees may not know the first thing about firewalls or viruses—which is why cybersecurity employee training is such a critical matter.
![17 Cybersecurity Thought Leaders You Should Be Following](/sites/default/files/styles/4_3_small/public/migration/images/full-10-cybersecurity-thought-leaders_1.jpg.webp?itok=b42k-Vpv)
As more of the world’s population gains access to the internet and more and more devices come online daily, there are new and emerging cyber threats around every corner.
![3 Software Tools Transforming the Vendor Selection Process](/sites/default/files/styles/4_3_small/public/migration/images/3_Software_Tools_Transforming_the_Vendor_Selection_Process_1.jpeg.webp?itok=wKLCgF24)
The world of procurement has been fundamentally changed by the introduction of technology. Source-to-pay software has brought digital workflows and automation to time-consuming processes like creating RFPs, managing contracts, and remitting payments.
![Automated vendor risk assessment program](/sites/default/files/styles/4_3_small/public/2023/03/13/Automated%20Vendor%20Risk%20Assessment%2C%20SIZED.jpg.webp?itok=3Lq_qH-m)
Using automated vendor risk assessment capabilities and tools you can eliminate manual processes, scale your VRM program, and quickly mitigate risk.
![Cybersecurity Audit vs. Cybersecurity Assessment](/sites/default/files/styles/4_3_small/public/migration/images/Cybersecurity_Audit_Vs_Cybersecurity_Assessment_Which_Do_You_Need__-_thumb_1.jpg.webp?itok=BMBhp7aQ)
Whether you’re a security leader asked by the board to facilitate a cybersecurity audit, or a member of the board planning to request one, it’s crucial to know what a cybersecurity audit is and what it isn’t. You need to know precisely what is being asked for to make sure the right information is collected.
![Third-party ecosystem automation](/sites/default/files/styles/4_3_small/public/2022/12/02/Third-Party%20Ecosystem%2C%20SIZED.jpg.webp?itok=Mv5_k3uj)
Learn how to automate cyber risk management across your third-party ecosystem from onboarding through the life of the relationship.
![4 Ways to Minimize the Risk of a Third-Party Data Breach](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_739310431_1.jpg.webp?itok=UgdfAYOf)
Today, 59% of data breaches originate with third-party vendors. And, as globalization brings more interconnected supply chains, that number is anticipated to grow.
![5 Common Issues In Building An Information Security Management System](/sites/default/files/styles/4_3_small/public/migration/images/5_Common_Issues_When_Building_An_Information_Security_Management_System_-_thumb_1.jpg.webp?itok=7ZXoityN)
An information security management system (ISMS) is a structured approach used to better manage your company’s most critical data and information. It can be achieved by adopting an ISMS standard like ISO 27001 or NIST 800-53 and through a certification process. But integrating an information security management system at your organization can be fraught with issues and complexities. Below, we’ve outlined five issues you should avoid while building out your ISMS.
![OFAC sanctions vendor risk management](/sites/default/files/styles/4_3_small/public/2023/01/04/OFAC-sanctions-vendor-risk-management.jpg.webp?itok=1q_CK2jx)
Are you aware of the risks involved in doing business with parties sanctioned by the Office of Foreign Assets Control (OFAC)?
![The 5 Pillars Of Cybersecurity In Financial Services](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-The-5-Pillars-Of-Cybersecurity-In-Financial-Services_2.jpg.webp?itok=u9yfQwMl)
Financial services is a wide industry, encompassing banks, insurance companies, investment firms, analysts, consultants, and many more. We’ve found financial services to be one of the best performing sectors in terms of cybersecurity. We’ve been able to pinpoint a handful of basic facts, ideas, and principles that make the financial sector so successful at cybersecurity, and we’ve outlined those “pillars” below. Take a look!