Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Bitsight and Google collaborate to reveal global cybersecurity performance
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
This quarter, Bitsight released several new product features that enable organizations to more rapidly assess, prioritize and manage cyber risk. These new capabilities — the Portfolio Risk Matrix and Asset Risk Matrix — leverage Bitsight’s market-leading data to provide risk prioritization, helping customers address the most important risks within their own environment as well as their broader third-party ecosystem.
Businesses are becoming increasingly reliant on outsourced IT services to support day-to-day operations.
Retail operations, whether in-store or online, rely on a long chain of connections between third parties. When attackers target one of these third parties, they can wreak havoc on the supply chain, affecting business operations up and down the line.
Banks and other financial institutions are a proving ground for new risk management methods. High risk and intense regulations feed into a culture of serious, comprehensive security — a culture that has manifested in mature methodologies such as the three lines of defense.
Business leaders now realize that their data is being exposed to risk by their vendors, and that monitoring and remediating these threats is a necessary part of an effective cybersecurity program.
Over the course of this blog series, we’ve addressed some of the major concepts surrounding third-party risk, as well as addressed some misconceptions. In this final post, we’ll continue to examine the last three of the top notions surrounding third-party risk management programs and weed out fact from fiction.
There are many third-party risk concepts, some of which we addressed in the first blog post of this series. While third-party risk management (TPRM) programs are becoming increasingly common for businesses, there are still some misconceptions about the elements that comprise them. In the second post of our three-part blog series, we’ll take a look at some of the notions surrounding third-party risk management programs and weed out fact from fiction.
With the number of third parties connected to businesses increasing, risk and security teams need to ensure they are spending the right amount of attention on the right third parties. To do this, organizations need a clearly defined, tiered portfolio of third parties, vendors, and suppliers. Today, many companies tier their third parties based on the inherent risk they present, and the types of data they handle or have access to.
It’s no secret that while it is critical for an organization to have a strong cybersecurity posture, it’s just as important for their third parties to have a strong security posture as well. While this fact is becoming increasingly more acknowledged in the business world (as many companies suffer data breaches at the hands of their suppliers), there are still several misconceptions about third-party risk management (TPRM) programs and what they entail. Among the many initiatives that make up a modern enterprise cybersecurity program, TPRM might be the most misunderstood.
On a Friday morning in October 2016, millions of people across North America attempted to visit popular websites including Spotify, Reddit, and the New York Times, only to find that they were inaccessible.
Within the Bitsight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. Bitsight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.
If you’ve done your homework as a cybersecurity professional, then you know that third-party vendors with substandard security controls and processes could be putting your organization at risk.
In a world where business is increasingly conducted on mobile devices, it is imperative that organizations offer mobile applications to serve their customer base. In fact, for many businesses, mobile applications are one of the primary channels used to interact with customers and to sell products and services.
As advances in cloud computing and managed services have made IT operations more streamlined, the focus of IT leaders has shifted to improving efficiency, agility, and risk management. Managing risk, in particular, has become an even more central concern.
Mitigating risk is an essential business function that should cover obvious domains — like financial risk — but also include reputational, strategic, and operational risks.