|
By Tim Grieveson
One of the biggest benefits that an exposure management program can afford a security program is the power of risk-informed prioritization. When security leaders think of tooling like attack surface management (ASM) platforms, the most evident prioritization benefits come in the day-to-day tactical decisions of which threats and which exposures to have SecOps practitioners tackle first.
|
By Sabrina Pagnotta
Supply chain cybersecurity and resilience have become pivotal across various cyber regulations, most notably NIS2 and DORA. In this blog, stemming from our latest ebook '5 Proven Strategies to Maximize Supply Chain Cyber Risk Management’, we will explore the reasons why resilience is a new mandate for CISOs today and, most importantly, how to secure the supply chain at scale—in line with evolving regulatory requirements.
|
By Pedro Umbelino
Everyone knows that running outdated computer applications comes with annoyances and risks. An outdated application might face performance issues or just become slower than modern versions. It might face compatibility issues and have limited functionalities. It might lose technical support and even fail to meet current industry standards and regulations, which could put your organization at risk for non-compliance penalties and legal action.
|
By Fábio Freitas
At Bitsight, part of the core work of the Vulnerability Research team is to analyze new high-profile vulnerabilities and ensure we come up with ways to detect, at an internet-wide scale, who is affected by these. Sometimes - more often than not - the direct exploitation of these vulnerabilities is significantly intrusive, and thus we can not load a direct port of the publicly available Proofs-of-Concept onto our internet scanning infrastructure.
|
By Ariela Silberstein
As communicated in January, Bitsight will conduct a ratings algorithm update (RAU) on July 10, 2024, as part of our ongoing efforts to optimize our methodology to provide the best external indicator of the performance of cybersecurity controls. Today, we’re excited to announce that our 2024 RAU is available to preview in the Bitsight applications.
|
By Tim Grieveson
The role of the Chief Information Security Officer (CISO) or Security Leader has undergone a transformation as profound as the threats we face. Between new regulations such as SEC, NIS2, and DORA, the explosion of generative AI, and the rapidly expanding attack surface, the burden is now on cybersecurity leaders to not only protect the organization but build confidence with customers, regulators, board members, and other stakeholders. The key to building trust? Storytelling.
In light of the SEC's cybersecurity disclosure regulations in the US and NIS2 in Europe, corporate executives and institutional investors are facing a pressing need to align their expectations and improve understanding around cybersecurity risk management. The evolving threat landscape and regulatory environment highlight the importance of cohesive strategies to measure, prioritize, mitigate, and communicate cyber risks effectively.
|
By Jai Vijayan
Digital transformation initiatives and the adoption of cloud, mobile, and remote work models have eviscerated the traditional security perimeter. Enterprise assets are distributed across the cloud, endpoints, mobile, and personally owned devices and expanded the attack surface in the process. Organizations are increasingly vulnerable to attack via unknown and unmanaged Internet-facing assets.
|
By Tim Grieveson
The role of the Chief Information Security Officer (CISO) has undergone a transformation as profound as the threats we face. Between new regulations such as SEC, NIS2, and DORA, the explosion of generative AI, and the rapidly expanding attack surface, the burden is now on cybersecurity leaders to not only protect the organization but build confidence with customers, regulators, board members, and other stakeholders. The key to building trust? Storytelling.
|
By George V. Hulme
In recent years, there's only been a handful of data breaches within public companies that could be considered financially "material." These breaches include those often pointed to as examples in cybersecurity presentations: the 2013 Target breach, the 2017 Equifax breach, the 2019 Capital One breach, and most recently, the Colonial Pipeline incident.
|
By BitSight
Streamline Assessments, Monitor Vendors, and Validate Security Posture with Ease. No more manual workflows or toggling between tools—with Bitsight VRM, part of the industry’s first end-to-end third-party risk management solution, you can effortlessly navigate through risk assessments and continuous monitoring with just a flip of a switch. Discover a new level of clarity and efficiency with instant access to an ever-growing network of 40,000+ vendor profiles. Track onboarding and validate questionnaire responses with objective data to make informed decisions and expedite risk mitigation.
|
By BitSight
With our latest Bitsight Continuous Monitoring enhancement, we help security leaders connect cyber risk to business risk when it comes to their vendor relationships. Risk Analytics expedites decision-making with portfolio-wide risk insights and data tied to key risk indicators.
|
By BitSight
Take a peek into our latest Bitsight Continuous Monitoring enhancement that helps you surface both known and, more importantly, unknown vendor relationships. With Vendor Discovery, we shine a light on Shadow IT within your organization so you can understand the full scope of your third-party cyber risk to your business.
|
By BitSight
Learn how experts think about the recent SEC cyber regulations with this panel interview. Gain perspective on the impact for public company CISOs and their security programs, how leaders think about objective metrics as a part of disclosure, and the opportunity ahead.
|
By BitSight
Bitsight Portfolio Risk Analytics provides governance, risk, and security teams actionable insights into material risk across the vendor ecosystem. It’s a simple-to-use view into hidden risk across the portfolio that could someday manifest into very visible business impact.
|
By BitSight
Did you know that 69% of organizations have experienced some type of cyber attack in which the attack itself started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset? Understanding the scope of your organization’s external attack surface is essential. You need to continuously manage your digital footprint to know where risks exist and how to prioritize vulnerable areas. Gain visibility into what an attacker sees and take informed action to reduce exposure and empower your organization’s growth and success.
|
By BitSight
In today’s economic environment, nearly every department in every organization across the globe is being challenged to do more with less. Meanwhile, digital footprints continue to grow and sprawl and cyber attackers look to take advantage of vulnerable infrastructure. Organizations need to assess how they can be more resourceful as they look to maintain a best-in-class cyber risk program and continue to meet business expectations.
|
By BitSight
Join Vanessa Jankowski, SVP of Third Party Risk Management, and Greg Keshian, SVP of Security Performance Management, as they explore key findings from the 2023 KuppingerCole Leadership Compass Report for Attack Surface Management with John Tolbert, Director of Cybersecurity at KuppingerCole Analysts. In today's interconnected digital landscape, managing your exposure strategy for your infrastructure and your supply chain is paramount. They discuss strategies to fortify cybersecurity defenses and minimize risks.
|
By BitSight
In this Dark Reading News Desk segment, Bitsight's Gregory Keshian discusses external attack surface management and security performance management. Greg reviews how the emerging discipline of security performance management (SPM) can better secure a company's attack surface. He offers guidance for how to mitigate problems and enumerates the major catalysts affecting attack surfaces, and how governance frameworks can be incorporated to ensure organizational compliance with state and federal laws.
|
By BitSight
Learn how experts think about the recent SEC cyber regulations with this short spotlight. Gain perspective on the impact for public company CISOs and their security programs, how leaders think about objective metrics as a part of disclosure, and the opportunity ahead.
|
By BitSight
Cybersecurity ROI isn't about cost savings. It's about how your cybersecurity program helps you achieve your goals while managing risk to a level that your executive team is comfortable with. So if you shouldn't measure success in cost savings, how do you measure it? BitSight is providing five steps that help CISOs and executive teams evaluate their company's cybersecurity performance.
|
By BitSight
Are you overwhelmed by the intricacies of your attack surface? Concerned about the rising risk of vulnerabilities in your and your partners' digital ecosystems? New BitSight research finds that the average vulnerability remediation rate across organizations is about 5 percent per month, sparking concern that the status quo of exposure and vulnerability management is broken. Moreover, organizations face significant challenges in managing vulnerabilities in their extended, third-party ecosystem, and most security leaders do not have the tools to address these emerging threats.
|
By BitSight
Traditional vendor risk management programs are not effective at mitigating risk in ever-expanding third-party networks, and yet 69% of businesses still rely on manual processes. It's time to take your program to the next level. How can you centralize, automate, and streamline your process to manage hundreds of vendors as effectively as you manage ten? Scalable VRM continuously detects, monitors, and mitigates risk, going beyond due diligence and initial assessments to constantly reassess and proactively act on vendor risk.
|
By BitSight
Stop reacting to cyber risk as it comes. BitSight for Security Performance Management empowers security leaders to strengthen cyber resilience over time with objective, meaningful, and evidence-based metrics. Gain insights, drive decisions, and build confidence with our suite of advanced analytics.
- April 2024 (10)
- March 2024 (7)
- February 2024 (7)
- January 2024 (27)
- December 2023 (4)
- November 2023 (7)
- October 2023 (10)
- September 2023 (11)
- August 2023 (16)
- July 2023 (17)
- June 2023 (13)
- May 2023 (17)
- April 2023 (20)
- March 2023 (8)
- December 2022 (2)
- August 2022 (2)
- July 2022 (8)
Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.
Bitsight's universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight's integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
Bitsight is on a mission to free the global economy from the material impact of cyber incidents.