Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Organizations today aren’t single entities—they are interconnected networks of third parties. And while third party relations are critical for success in most businesses, they also leave data more vulnerable to exposure from bad actors. Because of this, vendor risk management (VRM) is becoming an even more important business practice.
Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they have experienced a data breach caused by one of their vendors or third parties (up 12% since 2016).
Third party risk management is trending following major data breaches affecting organizations through their vendors. But what is TPRM?
An IT security manager’s role and responsibilities can vary, but her are 9 critical functions tasked to this individual at nearly any organization.
Security ratings, or cyber security ratings, are a data-driven, objective and dynamic measurement of an organization’s security performance. Thousands of organizations around the world use Bitsight Security Ratings as a tool to address a variety of critical, interconnected internal and external use cases at scale in order to enable more effective decision making throughout the global business ecosystem.
The vendor due diligence checklist to steer your procurement decision-making in 5 simple steps. First step: always collect the 7 basic business details.
Vendor Risk Management is the practice of evaluating business partners, suppliers, or third-party vendors both before a business relationship is established and during the duration of your business contract. This is an important concept and practice to put in place during the evaluation of your vendors and the procurement process.
You may have heard the term “digital supply chain management” being used to describe an emerging business function. But what exactly is a digital supply chain, and how is one supposed to manage it?
While all areas of risk management involve blind spots, supply chain risk management might be the murkiest. To be effective in this field, risk professionals must account for risks from a wide variety of sources, from bad password management to geopolitical upheaval. Supply chain risks can be difficult to detect, unpredictable, and fast-moving.
Every year, companies spend billions of dollars on mergers and acquisitions. (The value of worldwide M&A deals in 2014 totaled $3.5 trillion.) Managing risk throughout the process is an important element of any merger, but there's one area of risk management that hasn't had the attention it deserves.
Anyone in the security space can agree that a solid cybersecurity policy goes a long way. But not everyone in your organization is a security expert. In fact, many employees may not know the first thing about firewalls or viruses—which is why cybersecurity employee training is such a critical matter.
As more of the world’s population gains access to the internet and more and more devices come online daily, there are new and emerging cyber threats around every corner.
The world of procurement has been fundamentally changed by the introduction of technology. Source-to-pay software has brought digital workflows and automation to time-consuming processes like creating RFPs, managing contracts, and remitting payments.
Using automated vendor risk assessment capabilities and tools you can eliminate manual processes, scale your VRM program, and quickly mitigate risk.
Whether you’re a security leader asked by the board to facilitate a cyber security audit, or a member of the board planning to request one, it’s crucial to know what is a cybersecurity audit & what it isn’t. You need to know precisely what is being asked for to make sure the right information is collected.