At Bitsight, part of the core work of the Vulnerability Research team is to analyze new high-profile vulnerabilities and ensure we come up with ways to detect, at an internet-wide scale, who is affected by these. Sometimes - more often than not - the direct exploitation of these vulnerabilities is significantly intrusive, and thus we can not load a direct port of the publicly available Proofs-of-Concept onto our internet scanning infrastructure.

‍ “All models are wrong, but some are useful.” ‍ In the earliest days of cyber risk management, chief information security officers (CISOs) generally relied on matrices and other subjective risk assessments for strategic planning.

In this article we’ll discuss DSPM and DFPM, their similarities and differences, and the value that each one brings.

The EU Cyber Resilience Act (CRA) is a major piece of cyber legislation passed in 2024 in the European Union (EU) that regulates cybersecurity for digital products and services. The EU Cyber Resilience Act directly complements the NIS2 Directive, which regulates risk management and incident reporting across the European market.

The cybersecurity community woke up on Thursday to news of a cyberattack on Sisense, a major business analytics software company. It’s thought that the breach may have exposed hundreds of Sisense’s customers to a supply chain attack and provided the attacker with a door into the company’s customer networks.

As communicated in January, Bitsight will conduct a ratings algorithm update (RAU) on July 10, 2024, as part of our ongoing efforts to optimize our methodology to provide the best external indicator of the performance of cybersecurity controls. Today, we’re excited to announce that our 2024 RAU is available to preview in the Bitsight applications.

The role of the Chief Information Security Officer (CISO) or Security Leader has undergone a transformation as profound as the threats we face. Between new regulations such as SEC, NIS2, and DORA, the explosion of generative AI, and the rapidly expanding attack surface, the burden is now on cybersecurity leaders to not only protect the organization but build confidence with customers, regulators, board members, and other stakeholders. The key to building trust? Storytelling.

In the latest G2 Spring Report, UpGuard ranked as the leading third-party and supplier risk management solution. G2 also recognized UpGuard as a market leader in third-party risk management (TPRM) for the seventh consecutive quarter, reaffirming UpGuard’s continued excellence and commitment to providing world-class cybersecurity solutions to global mid-market and enterprise organizations.

The ongoing cyberattack on Change Healthcare, a major player in medical claims processing in the United States, had profound repercussions across the healthcare sector. With the company forced to disconnect over 100 systems, medical claims processing ground to a halt. This disruption, termed by the president and chief executive of the American Hospital Association as “the most serious incident of its kind” in healthcare, brought many medical providers to the brink of closure.