Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Harnessing Cyber Risk Modeling to Navigate Modern Business Threats

‍Embracing cyber risk management during a time in which the average cost of a data breach nearly surpasses $5 million is not merely a strategic option; it’s an absolute imperative. ‍ This calculated move, however, is not as straightforward as deploying an end-point detection solution, for example, or conducting monthly cybersecurity awareness sessions.

Salt Typhoon, The Shadow in the Digital Storm

Salt Typhoon is suspected to be an Advanced Persistent Threat (APT) group. Their origins are linked to state-sponsored entities in Asia, leveraging their technical expertise to breach some of the world’s most critical telecom infrastructure. Unlike ransomware groups that aim for monetary gain, Salt Typhoon’s primary objective is espionage, focusing on data theft and surveillance.

Why CASB Solutions Are Unsuitable for Detecting AI Usage in Organizations

Cloud Access Security Brokers (CASBs) are essential tools for many enterprises, acting as intermediaries between users and cloud services to provide visibility, enforce security policies, and ensure compliance. While CASBs excel at managing traditional SaaS (Software-as-a-Service) applications, they fall short when it comes to detecting and managing the use of AI tools within an organization.

Stop Demonizing CVSS: Fix the Real Problem

If you read the newest risk-based vulnerability management literature, it appears we have a new favorite punching bag: the Common Vulnerability Scoring System (CVSS). You seemingly can’t throw a rock into the “vuln-o-sphere” without hitting someone dunking on CVSS or the National Vulnerability Database (NVD). The argument goes something like this: “Exploitation rates are up, ransomware is surging, and vulnerabilities are multiplying like rabbits.

Instant Insights for SOC 2 Reporting: Using AI to Streamline Vendor Assessments

With technology supply chain risks at an all-time high, many governance, risk, and compliance (GRC) teams conduct formal risk assessments as part of their new vendor selection and onboarding processes. Audit-based reporting frameworks like SOC 2 are invaluable to these efforts, as they provide a consistent way to benchmark prospective vendors’ customer data management practices.

Shaping our 2025 Data Engine Priorities: Industry Evolution and Customer Feedback

The effectiveness of external attack surface management (EASM) and third-party risk management (TPRM) capabilities hinges on the depth, breadth, and timeliness of the underlying data they are based on. For this reason, Bitsight makes a significant ongoing investment in: The introduction of Bitsight’s next-generation data engine enabled many improvements to our capabilities across all of these areas throughout 2024.

Information Security Risk Management: A Comprehensive Guide to Protecting Your Data

In an age where data breaches make headlines almost daily, safeguarding sensitive information has never been more crucial. The rapid advancement of technology has made our personal and professional data vulnerable, raising the stakes for effective security measures. Information Security Risk Management (ISRM) emerges as a necessary framework to defend against these escalating threats.

Ahead of the curve: Proactively managing third-party risks

According to a Gartner report, 60% of organizations will rely on third-party vendors for more than half of their critical business operations by 2025. However, Gartner also warns that third-party risk events – such as data breaches or compliance violations – will increase by 30% in the same timeframe. As a technology leader, these figures resonate deeply with the challenges I see organizations facing daily.