Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
![Critical Vulnerabilities Discovered in Automated Tank Gauge Systems](/sites/default/files/styles/cta/public/2024/09/20/Critical%20Vulnerabilities%20Discovered%20in%20Automated%20Tank%20Gauge%20Systems.png?itok=P_4HIbmY)
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
![A brief introduction to Industrial Control Systems and Security hero](/sites/default/files/styles/4_3_small/public/2024/08/05/A%20brief%20introduction%20to%20Industrial%20Control%20Systems%20and%20Security%20hero.png.webp?itok=Z_k9IJq5)
Much of your daily life depends on Industrial Control Systems (ICSs). We’ll cover ICSs’ unique characteristics and some of the challenges in applying IT security practices or technology to them.
![Types of Penetration Testing: Which Is Right for Your Business?](/sites/default/files/styles/4_3_small/public/2023/06/08/Types-of-Penetration-Testing-Which-Is-Right-for-Your-Business.jpg.webp?itok=KHbnAe2k)
Penetration tests (a.k.a. pen tests) are point-in-time cyber risk assessments. They allow IT and security professionals to assess the adequacy of security controls, including intrusion detection and response systems, and identify weaknesses that need attention.
![CISOs - Technical Debt Consolidation](/sites/default/files/styles/4_3_small/public/2024/07/18/CISOs-%20Technical%20Debt%20Consolidation.png.webp?itok=p1rJFoPS)
Read this blog to discover how tackling technical debt can transform your cybersecurity strategy, boost efficiency, and ensure compliance.
![Dont RegreSSH An Anti-Pavlovian Approach to Celebrity Vulns-hero](/sites/default/files/styles/4_3_small/public/2024/07/29/Dont%20RegreSSH%20An%20Anti-Pavlovian%20Approach%20to%20Celebrity%20Vulns-hero.png.webp?itok=u1gsvQxu)
Before CrowdStrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability. Let's revisit CVE-2024-6387.
![Trust Management Hub blog](/sites/default/files/styles/4_3_small/public/2024/07/25/trust-management-hub-blog-min.jpg.webp?itok=zIkpjSle)
Trust Management Hub gives GRC teams a centralized & scalable way to manage & share critical security questionnaires and documentation.
![crowdstrike timeline mystery hero](/sites/default/files/styles/4_3_small/public/2024/07/23/crowdstrike-blog.png.webp?itok=tAaVgKud)
Bitsight's analysis of the CrowdStrike outage and timeline mysteries.
![4 Important Vendor Risk Management Principles For Security Managers](/sites/default/files/styles/4_3_small/public/migration/images/The_4_Most_Important_Vendor_Risk_Management_Principles_For_Security_Managers_-_thumb_1.jpg.webp?itok=nTtpNWf5)
Organizations today aren’t single entities—they are interconnected networks of third parties. And while third-party relationships are critical for success in most businesses, they also leave data more vulnerable to exposure by bad actors. Because of this, vendor risk management (VRM) is becoming an even more important business practice.
![Groma-blog-hero](/sites/default/files/styles/4_3_small/public/2024/07/22/Groma-blog-hero.png.webp?itok=eFdYkFmA)
This post will focus on recent developments in Bitsight Groma.
![What is Cybersecurity Compliance?](/sites/default/files/styles/4_3_small/public/2024/09/30/What%20is%20Cybersecurity%20Compliance.png.webp?itok=gvjz_BAM)
If you operate in specific sectors, cybersecurity maturity is more than a best practice, it’s a regulatory requirement. These regulations are complex and constantly changing. To help you better understand your organization's regulatory environment and the standards and controls they stipulate, let's break down key cyber compliance regulations by industry.
![Crowdstrike-outage-blog](/sites/default/files/styles/4_3_small/public/2024/07/19/Crowdstrike-outage-blog.png.webp?itok=aFkrdu8G)
We’re closely analyzing the cause of–and response to–the CrowdStrike global incident to better understand how organizations can understand and mitigate risk.
![KEV cutting room floor hero](/sites/default/files/styles/4_3_small/public/2024/07/12/KEV-cutting-room-floor-hero.png.webp?itok=cfJBjp-Z)
Curious about software vulnerabilities and their fixes? Check out my latest blog on KEV exposures and common weaknesses for surprising insights!
![What is IT Risk Management?](/sites/default/files/styles/4_3_small/public/migration/images/Full-What-Is-Information-Risk-Management_1.jpg.webp?itok=dKbP9pZy)
Learn the definition of IT risk management & the steps your organization can take to protect itself from cybersecurity risk across your business ecosystem.
![Empty piggy bank to show cut budgets](/sites/default/files/styles/4_3_small/public/2023/06/30/Budget%20Scrutiny%2C%20SIZED.jpeg.webp?itok=p1fmoKSA)
Economic pressures push CISOs to justify resources and consolidate tech for data, operational, and cost efficiency. Bitsight aids with comprehensive risk data and solutions.
![The Impact of the Kaspersky Ban](/sites/default/files/styles/4_3_small/public/2024/07/08/The%20Impact%20of%20the%20Kaspersky%20Ban%20hero.png.webp?itok=s-Xf1UdO)
How will the prohibition of Kaspersky Lab, Inc. impact global users? Read our analysis of the prevalence of Kaspersky products used by organizations around the globe.
![NIS2 Requirements- Get a Handle on Critical Supplier Assessments](/sites/default/files/styles/4_3_small/public/2024/07/02/NIS2%20Requirements-%20Get%20a%20Handle%20on%20Critical%20Supplier%20Assessments.png.webp?itok=EEzpHRu6)
How do you determine who is a 'critical supplier'? Delve into practical strategies to identify crucial partners and ensure compliance with NIS2 requirements.