Category: BitSight Security Ratings Blog

Read the original article: BitSight Observations Into HAFNIUM Attacks, Part Three: Exploitation and Vulnerability Persists Organizations around the globe continue to address the fallout from the Microsoft Exchange Server zero-day attacks. It was recently announced that hackers may now be…

Read more →

Read the original article: Why The DOD Is Making Cybersecurity Maturity Evaluation Mandatory (And Why You Should Too) Government agencies in the United States are yet again suffering from a widespread data hack, this time originating from Microsoft Exchange servers.…

Read more →

Read the original article: Department of Defense Cybersecurity Maturity Model Government agencies in the United States are yet again suffering from a widespread data hack, this time originating from Microsoft Exchange servers. This breach comes less than five months after…

Read more →

Read the original article: BitSight Observations Into HAFNIUM Attacks, Part Two Microsoft Exchange is a critical business software used by organizations around the world for email. Sensitive data and communications are stored and transacted on the platform daily. In an…

Read more →

Read the original article: Should Security Ratings Require Independent Verification? As a recent Forrester report highlighted, there are many cybersecurity ratings available. Security ratings have a valuable place in your cyber risk mitigation strategy   Become a supporter of IT…

Read more →

Read the original article: BitSight Observations Into the HAFNIUM Attacks: Part One On March 2, Microsoft announced that it has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. According to Microsoft, in the attacks…

Read more →

Read the original article: BitSight Observations Into HAFNIUM: Part One On March 2, Microsoft announced that it has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. According to Microsoft, in the attacks observed, cybersecurity…

Read more →

Read the original article: BitSight Is A Partner for Cybersecurity In Law Enforcement You can tell a lot about someone by the company they keep, and the same goes for your security ratings partner. All security ratings are not created…

Read more →

Read the original article: BitSight Is Partner for Cybersecurity In Law Enforcement You can tell a lot about someone by the company they keep, and the same goes for your security ratings partner. All security ratings are not created equal.…

Read more →

Read the original article: Shadow IT: Your Urgent Questions Answered Your IT department spends a great deal of time distributing security information and maintaining your organization’s internal security processes. Unfortunately, a persistent threat, deemed shadow IT, is still making its…

Read more →

Read the original article: How to prevent data leaks It’s every security manager’s worst nightmare. A member of the IT department reaches to alert that malicious software has been detected on an internal network, and the hacker potentially has access…

Read more →

Read the original article: How to prevent data leaks It’s every security manager’s worst nightmare. A member of the IT department reaches to alert that malicious software has been detected on an internal network, and the hacker potentially has access…

Read more →

Read the original article: Three Things You Should Ask Your Security Ratings Partner BitSight was recently named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q1 2021.   As the creator and largest vendor by market presence…

Read more →

Read the original article: What is cybersecurity enterprise risk management Despite the best efforts from security and risk leaders, it can be extremely difficult to establish an efficient and effective enterprise risk management plan. As with anything that requires buy-in…

Read more →

Read the original article: How to Measure Cybersecurity Risk Across Your Digital Ecosystem Cyber risk is everywhere. As organizations become increasingly interconnected — across business units, geographies, subsidiaries, remote offices, and third-party networks — the digital ecosystem is expanding rapidly.…

Read more →

Read the original article: How to Measure Cybersecurity Risk Across Your Digital Ecosystem Cyber risk is everywhere. As organizations become increasingly interconnected — across business units, geographies, subsidiaries, remote offices, and third-party networks — the digital ecosystem is expanding rapidly.…

Read more →

Read the original article: How CISOs Can Use Authority To Strengthen Supply Chain Cyber Security The SolarWinds supply chain attack did more than just create cybersecurity problems for businesses and government agencies – it has had a strong impact on…

Read more →

Read the original article: 4 Must-have Best Practices for Better Vendor Risk Management Vendor risk management is top of everyone’s mind in light of the recent SolarWinds supply chain attack and concerns around weak points in the COVID-19 vaccination supply…

Read more →

Read the original article: We Answer Your Questions About The SolarWinds Hack The SolarWinds hack, discovered in late 2020 when FireEye announced it had been targeted through a third party vulnerability, has now become one of the most widespread and…

Read more →

Read the original article: Common Cybersecurity Vulnerabilities and Exposures to Pay Attention to in 2021 The SolarWinds supply chain attack discovered in late 2020 was a wakeup call for security managers across all industries. The hack is shaping up to…

Read more →

Read the original article: What the Gramm-Leach-Bliley Act Means for Financial Services Cybersecurity For obvious reasons, the financial services industry has had the unfortunate distinction of being one of the largest high value targets for threat actors. Research shows that…

Read more →

Read the original article: Ransomware: Most Destructive Cybersecurity Trend of 2020 As if the COVID-19 pandemic wasn’t bad enough, the unpredictable events of 2020 created the perfect storm for a huge escalation in ransomware attacks.   Become a supporter of…

Read more →

Read the original article: Ransomware Emerges as Most Destructive Cybersecurity Trend of 2020 As if the COVID-19 pandemic wasn’t bad enough, the unpredictable events of 2020 created the perfect storm for a huge escalation in ransomware attacks.   Become a…

Read more →

Read the original article: The Big Data Breaches of 2020: What Happened and What Did We Learn? Not to be forgotten during the chaos that was 2020 were the massive cybersecurity breaches that directly impacted some of the country’s largest…

Read more →

Read the original article: CISO’s Board Report Cyber Security Toolkit When it comes to reporting to the board, there are plenty of tools at the CISO’s disposal. Looking at the right metrics and putting them in the right context can…

Read more →

Read the original article: The Financial Impact of SolarWinds Breach The SolarWinds breach is already one of the most significant cybersecurity incidents ever. And as with any unprecedented cyber event, this will have long-term effects on the way businesses and…

Read more →

Read the original article: The Financial Impact of SolarWinds: A Cyber Catastrophe… But Insurance Disaster Avoided? The SolarWinds breach is already one of the most significant cybersecurity incidents ever. And as with any unprecedented cyber event, this will have long-term…

Read more →

Read the original article: Is Single Sign-On Secure? SSO Benefits for Remote Work Remote work has always introduced unique and evolving cyber risks. In our “new normal” operating environment, where entire workforces have gone remote, IT security teams are facing…

Read more →

Read the original article: 4 Things to Know About FISMA Recently we wrote about the top cybersecurity frameworks to reduce cybersecurity risk, and the Federal Information Security Management Act (FISMA) certainly belongs in that list. But what is FISMA? Who…

Read more →

Read the original article: 2021 Cybersecurity Trends: BitSight Predicts the Top 3 2020 was a transformative year that blew all predictions out of the water. As we look ahead to 2021, we will continue to see the repercussions of this…

Read more →

Read the original article: Are Your Payment Card Vendors Maintaining PCI Security Standards? The payment card industry (PCI) has long been a Holy Grail target for bad actors for obvious reasons. Visa, Mastercard, and American Express account for the bulk…

Read more →

Read the original article: 4Things to Know About FISMA Recently we wrote about the top cybersecurity frameworks to reduce cybersecurity risk, and the Federal Information Security Management Act (FISMA) certainly belongs in that list. But what is FISMA? Who does…

Read more →

Read the original article: Common Vulnerabilities Associated With Remote Access Last year, enterprise IT security got turned on its head. As the world adjusted to working from home, IT teams worked overtime to enable remote access for millions of employees.…

Read more →

Read the original article: How to Prove Your Organization’s Cybersecurity Investment is Paying Off In light of recent widespread breaches and security incidents, such as the cyber attack targeting SolarWinds, security and risk managers are under more pressure than ever…

Read more →

Read the original article: Using Cybersecurity Analytics to Make a Case for Risk Management Not long ago, corporate executives would give only passing thoughts to their organization’s cybersecurity postures. Leadership and board members would take notice in the wake of…

Read more →

Read the original article: 7 Cybersecurity Frameworks To Reduce Cyber Risk While security ratings are a great way to demonstrate that you’re paying attention to the cyber health of the organization you also need to show that you’re adhering to…

Read more →

Read the original article: 5 Core Elements of a Risk-Based Cybersecurity Dashboard Curated cyber risk reports are essential to ensuring that security performance management information gets communicated effectively to the right stakeholders across your organization. Of course, reporting falls on…

Read more →

Read the original article: A response to Security Ratings – Love, Loathe or Live With Them A week ago (which seems like a world ago given everything that’s happened with SolarWinds) Phil Venables — formerly CISO of Goldman Sachs and…

Read more →

Read the original article: Best Practices For Managing Third Party Risk Properly managing third party risk and preventing damaging outcomes that result from gaps in your vendor ecosystem can be difficult and costly. With the recent SolarWinds data breach wreaking…

Read more →

Read the original article: BITSIGHT ANALYSIS OF SOLARWINDS ORION — PART 2: DECLINING PREVALENCE In light of the cyber attack targeting SolarWinds, security and risk professionals are working to identify instances of the Orion software within their organization — including…

Read more →

Read the original article: What Does Risk-Based Cybersecurity Reporting Look Like? Effective communication between different members of your team can make all the difference when it comes to maintaining your desired security posture and preventing massive cyber incidents. Reports can…

Read more →

Read the original article: SolarWinds Orion Breach — BitSight Analysis Part 1 The cyber attack targeting SolarWinds, a provider of network and system monitoring software, is shaping up to be one of the most significant attacks against a critical supply…

Read more →

Read the original article: SolarWinds Orion Breach — BitSight Analysis Part 1 The cyber attack targeting SolarWinds, a provider of network and system monitoring software, is shaping up to be one of the most significant attacks against a critical supply…

Read more →

Read the original article: What Does Risk-Based Cybersecurity Reporting Look Like? Effective communication between different members of your team can make all the difference when it comes to maintaining your desired security posture and preventing massive cyber incidents. Reports can…

Read more →

Read the original article: 3 Steps to Building an Effective Cyber Risk Strategy In today’s “new normal” operating environment, you’re contending with a growing attack surface, limited resources, and an increasingly remote workforce — all at once. Given these conditions,…

Read more →

Read the original article: 3 Steps to Building an Effective Cyber Risk Strategy This post doesn’t have text content, please click on the link below to view the original article. 3 Steps to Building an Effective Cyber Risk Strategy  …

Read more →

Read the original article: What Cybersecurity Questions the Board Really Wants Answered in Your Next Report Boards are increasingly looking at cybersecurity as a crucial part of the business. The problem is, the board doesn’t always know what to look…

Read more →

Read the original article: Zerologon Vulnerability: Analysis on This Dangerous Vulnerability New vulnerabilities emerge daily… but not every vulnerability is being actively exploited by nation state actors. Zerologon (CVE-2020-1472) is one such vulnerability.  Zerologon was recently identified by the National…

Read more →

Read the original article: Zerologon: BitSight Observations on a Dangerous Vulnerability New vulnerabilities emerge daily… but not every vulnerability is being actively exploited by nation state actors. Zerologon (CVE-2020-1472) is one such vulnerability.  Zerologon was recently identified by the National…

Read more →

Read the original article: Zerologon: BitSight Observations on a Dangerous Vulnerability New vulnerabilities emerge daily… but not every vulnerability is being actively exploited by nation state actors. Zerologon (CVE-2020-1472) is one such vulnerability.  Zerologon was recently identified by the National…

Read more →

Read the original article: Meet Our Customer Success Team: Ashley Ritrovato Check out this Q&A with a US-based member of BitSight’s Customer Success team to learn about her role as an BitSight Advisor & Customer Success Manager, her experience, and…

Read more →

Read the original article: BitSight’s View into the NSA’s Top Vulnerabilities In a highly unusual move, the National Security Agency released research on October 20, 2020, highlighting 25 common vulnerabilities that are being actively exploited by Chinese state-sponsored actors.  The…

Read more →

Read the original article: Meet Our Customer Success Team: Alessandra Pilloni Check out this Q&A with a London-based member of BitSight’s Customer Success team to learn about her role as an Customer Success Manager, her experience, and more.   Become…

Read more →

Read the original article: Worm Phishing Campaign Success On The Rise The majority of us have been through phishing training for our jobs, where the simplified best-practices for all employees are laid out. These usually include reporting to IT when…

Read more →

Read the original article: Meet Our Customer Success Team: Alessandra Pilloni Check out this Q&A with a London-based member of BitSight’s Customer Success team to learn about her role as an Customer Success Manager, her experience, and more.   Become…

Read more →

Read the original article: Meet Our Customer Success Team: Hayley Combs Check out this Q&A with a Lisbon-based member of BitSight’s Customer Success team to learn about her role as an EMEA Customer Success Manager, her experience, and more.  …

Read more →

Read the original article: Meet Our Customer Success Team: Jyotsana Shukla Check out this Q&A with a Australia-based member of BitSight’s Customer Success team to learn about her role as an Senior Customer Success Manager, her experience, and more.  …

Read more →

Read the original article: Meet Our Customer Success Team: Jyotsana Shukla Check out this Q&A with a Australia-based member of BitSight’s Customer Success team to learn about her role as an Senior Customer Success Manager, her experience, and more.  …

Read more →

Read the original article: 3 Ways To Avoid A Ransomware Attack Over the weekend of September 26th, major healthcare provider Universal Health Systems experienced a ransomware attack resulting in widespread computer systems failures. Without access to their digital databases, doctors…

Read more →

Read the original article: Meet Our Customer Success Team: Maggie Fitzgerald Check out this Q&A with a US-based member of BitSight’s Customer Success team to learn about her role as a Customer Success Manager, her experience, and more.   Advertise…

Read more →

Read the original article: Market-Changing Research Reveals Link Between Strong Cybersecurity and Stock Price One of the biggest questions in cybersecurity now has an answer… and the implications are significant for investors, policymakers, corporate executives, and cybersecurity professionals alike.   …

Read more →

Read the original article: Continuous Vendor Risk Monitoring To Reach Assessment Efficiency If you’re using a “one-size fits all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t…

Read more →

Read the original article: How to Make Data-Driven, Strategic Cybersecurity Decisions Data can be the key to making more informed, strategic cybersecurity decisions — and ensuring you’re spending your security dollars effectively. In order to get the most out of…

Read more →

Read the original article: The Latest Cybersecurity Trends in State Government Entities It should come as no surprise that the cybersecurity landscape has been changing dramatically throughout the year 2020. According to BitSight research, up to 85% of the workforce…

Read more →

Read the original article: Is Your Cyber Security Communication Strategy Effective? One of the more challenging aspects of third party risk management is effectively communicating risk. Often the risks posed by vendors are highly technical, and it can be tempting…

Read more →

Read the original article: 5 Ways to Transform Your Security Program Between difficulty communicating with boards and executives, decreasing budgets, and difficulty measuring how exactly risk was being reduced, security leaders are under pressure to change the way they do…

Read more →

Read the original article: How You Should Improve Your Cyber Risk Remediation Process Let’s face it: In order to get the most out of your limited time and resources, you need to rethink the traditional processes you have in place…

Read more →

Read the original article: U.S. Election Security, Part 1: Voting Systems Vendors’ Cybersecurity is Improving Significant concerns have been raised about the security of the 2020 United States election. Hundreds of millions of dollars in Federal funding has been made…

Read more →

Read the original article: Who’s Ready for the CMMC? What Data Reveals About Defense Sector Cybersecurity In the upcoming months, the Cybersecurity Maturity Model Certification (CMMC) will go live. Thousands of third party assessors will begin cybersecurity assessments of hundreds…

Read more →

Read the original article: Do You Have the Right Vendor Management Policies? If you’re experiencing frustrating delays and procedural roadblocks during your vendor management process, you’re not alone. Security managers are seeing an increase in the number of third-parties integrating…

Read more →

Read the original article: 4 Ways Security Leaders Can Lead Business Transformation It’s easy to forget that cybersecurity teams were facing significant headwinds going into 2020. After years of ever expanding budgets, new tech and new tools, a string of…

Read more →

Read the original article: Automation is Key to Efficient Digital Risk Assessments In response to the global COVID-19 pandemic, more employees have been working from home over the past several months than ever before. In fact, during the period of…

Read more →

Read the original article: 3 Ways to Make Your Vendor Lifecycle Management More Efficient During this dynamic and stressful workplace environment 2020 has brought us, finding the most efficient ways to perform in your job has never been more important.…

Read more →

Read the original article: Content Security Policy Limits Dangerous Activity… So Why Isn’t Everyone Doing It? Online services, e-commerce sites, videoconference, delivery services, and all other kinds of services are growing exponentially, exposing users and data to new risks and…

Read more →

Read the original article: Why You Need to Build a Strong Security Program In today’s competitive marketplace, more and more companies are realizing that maintaining a good security posture is a crucial market differentiator — playing an essential role in…

Read more →

Read the original article: BlueKeep Continues to Plague the World a Year After Emergence Since its advent in May 2019, BlueKeep (CVE-2019-0708) has been observed to pose risks to information security worldwide. It is a vulnerability associated with a wide range…

Read more →

Read the original article: BlueKeep Continues to Plague the World a Year After Emergence Since its advent in May 2019, BlueKeep (CVE-2019-0708) has been observed to pose risks to information security worldwide. It is a vulnerability associated with a wide range…

Read more →

Read the original article: Grow Your Business Without Increasing Your Attack Surface Vulnerabilities With the expanding perimeter companies are creating as they move more of their business into the cloud, as well the addition of work-from-home network connections, there is…

Read more →

Read the original article: Grow Your Business Without Increasing Your Attack Surface Vulnerabilities With the expanding perimeter companies are creating as they move more of their business into the cloud, as well the addition of work-from-home network connections, there is…

Read more →

Read the original article: August Employee Spotlight: Marlene Lopes Name: Marlene Lopes Job Title: Inside Sales Representative What do you do at BitSight and when did you start? I started in May 2019, so it’s been almost a year. I started as a…

Read more →

Read the original article: What Companies Using Cloud Services Need To Know About Their Risk Responsibilities Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with…

Read more →

Read the original article: What Companies Using Cloud Services Need To Know About Their Risk Responsibilities Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with…

Read more →

Read the original article: Lessons Learned From The Garmin Cyberattack In the cybersecurity industry we deal with news of breaches or potential threats nearly every day, but when you really think about it, it’s bizarrely rare how little these events…

Read more →

Read the original article: Cloud Security Monitoring: Discover and Mitigate Risk Did you know that the volume of attacks on cloud services more than doubled in 2019? According to the 2020 Trustwave Global Security Report, cloud environments are now the…

Read more →

Read the original article: July Employee Spotlight: Jen Jaworski Name: Jen Jaworski Job Title: Technical Research Quality Assurer and Player Development Coach What do you do at BitSight and when did you start?    Advertise on IT Security News. Read the original…

Read more →

Read the original article: What Does a Successful Third-Party Risk Management Program Look Like? As digital transformation picks up pace, companies are working with more vendors than ever. According to Gartner, 60% of organizations now work with more than 1,000…

Read more →

Read the original article: Easy Security Wins: How Patching and Software Updates Impact Your Cybersecurity As companies continue to try and manage the massive changes to work driven by COVID-19, security teams have faced immense pressure to rise to the…

Read more →

Read the original article: What is Digital Risk Protection? Digital risk protection (DRP) solutions can be powerful operational tools for security analysts and threat researchers looking to identify and address existing cyber risk exposures quickly. While these solutions can provide…

Read more →

Read the original article: Mitigate Risk of Security Vulnerabilities With Continuous Monitoring Did you know that 60% of breaches involve vulnerabilities for which a patch was available but not applied? Now, as business-targeted cyber attacks are on the rise, the…

Read more →

Read the original article: Best Practices for Managing Third-party Risk in the Energy Sector Back in May this year, President Trump issued an executive order banning US energy sector entities from acquiring electric equipment from foreign adversaries, citing potential cybersecurity…

Read more →

Read the original article: How To Mature Your Vendor Risk Management Program There are layers of uncertainty plaguing security professionals when it comes to the time, money, and energy they spend focusing on their third-party risk management systems. Without the…

Read more →

Read the original article: How Does BitSight Work? A Look At Security Ratings & How They’re Used Since our foundation in 2011 as the first company to provide a rating for measuring a company’s cyber security, BitSight has become the…

Read more →

Read the original article: BitSight Data Highlights Vaccine Developer Vulnerabilities Introduction As the biomedical community rushes to develop vaccines to combat COVID-19, malicious actors are seeking to steal the sensitive intellectual property that underpins treatment.   Advertise on IT Security…

Read more →

Read the original article: 5 Risks Of Outdated Software & Operating Systems If more than half of an organization’s endpoints are outdated, its chances of experiencing a detrimental breach of potentially sensitive data points nearly triples. With hackers looking for…

Read more →

Read the original article: Expand Your Threat Intelligence Insights As your attack surface grows and the threat environment becomes increasingly complex, it’s more important than ever to take a risk-based approach to cybersecurity. By doing so, you can focus your…

Read more →

Read the original article: Do You Know Where Your Cybersecurity Gaps Are? In our ever-evolving, dynamic cybersecurity landscape, new vulnerabilities are being exploited daily and potential threats can escalate very quickly. Expectations and standards of care are constantly in flux…

Read more →

Read the original article: Why Cyber Risk Prioritization is Essential to a Solid TPRM Program Today’s businesses can’t succeed on their own, which is why they turn to third parties to grow and stay competitive. However, these partnerships can introduce…

Read more →

Read the original article: Study: More Security Tools Hinder Response Efforts The global cybersecurity market is currently worth $173 billion and expected to grow to $270 billion by 2026. Yet as organizations invest more in security technology, a new global…

Read more →

Read the original article: Protecting Sensitive Data: 4 Things To Keep In Mind The content in this piece was originally published by BitSight in April of 2017. This updated version includes current information about BitSight, our security rating and third-party…

Read more →

Read the original article: 5 Examples Of Sensitive Data Hackers Look For This piece was originally published by BitSight in April of 2017. This updated version includes current information about BitSight, our security rating and third-party monitoring software, and the…

Read more →