Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on a day-to-day basis.
Earlier this month, ZDNet broke the news that the FBI had sent a cybersecurity alert to the U.S. private sector warning of an ongoing hacking campaign against supply chain software providers. According to the FBI, hackers are attempting to infect upstream companies — particularly those in the energy sector — with the Kwampirs malware, a remote access trojan (RAT).
In today’s interconnected world, supply chains are growing exponentially. As a result, third-party risk has become a big focus for senior management. But what about the vendors that your suppliers rely on and the threat of fourth-party risk?
Third-party vendors are an essential part of today’s business ecosystem. A study by Gartner finds that, in 2019, 60% of organizations work with more than 1,000 third parties and those networks are only expected to grow.
Companies are becoming increasingly reliant on third-party relationships, and cyber attacks originating in the systems of third parties are on the rise.
2019 has been a year of high-profile attacks, and, as we predicted, it’s only getting worse. That’s certainly the case for Airbus.
This post was originally published November 12, 2015 and has been updated for accuracy and comprehensiveness
This post was originally published October 31, 2016 and has been updated for accuracy and comprehensiveness
As the importance of third-party risk management (TPRM) continues to grow, organizations are hiring for related roles more seriously than ever before. To compensate, security and risk professionals are seeking out certification programs in TPRM to learn new skills and validate their expertise.
With high-profile breaches being traced back to supply chain vulnerabilities and a regulatory environment that’s waking up to the realities of vendor risk, many organizations are investing heavily in third-party risk management (TPRM) programs.
A new report from McKinsey & Company sheds light on something we’ve known for many years – organizations are struggling to make significant progress in managing cybersecurity risk in their supply chains.
When launching a third-party risk management (TPRM) program, one of the best places to begin to be proactive about mitigating cyber risk from your third parties is by examining the vulnerabilities present on their network. Despite global knowledge of the harm that vulnerabilities can do to users and businesses alike, they still continue to persist and cause business interruption worldwide.
The North American Electric Reliability Corporation (NERC) has developed a new set of cybersecurity standards designed to help power and utility (P&U) companies limit their exposure to third-party cyber risks and preserve the reliability of bulk electric systems (BES).
In June 2018, the European Banking Authority (EBA) put forth guidelines on outsourcing arrangements that highlighted the importance of risk management within financial organizations. The notice of these guidelines was announced in June 2018 and will be enforced later in 2019.
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.