Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

BitSight

What is Adaptive Security (Definition and Implementation)

Adaptive security is an approach to cybersecurity that helps your Security Operations Center (SOC) quickly adapt to the latest threats. By implementing adaptive security, your organization can evaluate and analyze behaviors and events in real-time to take preventative action before a breach.

Bitsight's Partnership with Moody's Continues to Evolve - Making Cyber Risk Actionable for Business Leaders

Moody’s investment in Bitsight in 2021 was founded on the belief that cyber risk is business risk. Two years later - this foundational belief is clearer than ever by evidence of recent research developed by the two companies. This blog post is a reflection on the research progress made by the two firms since the announcement of the partnership.

Unveiling Socks5Systemz: The Rise of a New Proxy Service via PrivateLoader and Amadey

Proxy services offer users the ability to rent a set of IP addresses for internet use, granting a level of online anonymity. Essentially, they make your internet traffic appear as if it's coming from a regular IP address while keeping the real origin hidden. Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders.

Top 3 Vendor Cybersecurity IT Risk Assessment Templates

If you’re developing a vendor risk management (VRM) plan from scratch or looking to scale your existing program, a cybersecurity IT risk assessment template can help you get started. Fortunately, you have options. In this blog, we’ve listed several templates, frameworks, and checklists that can help you create a personalized vendor cybersecurity IT risk assessment questionnaire.

SEC's Cybersecurity Regulations, Part III: The Relationship Between the CISO & The Board

Cybersecurity is a top risk for corporate directors to understand and navigate. The implications of cyber events for a company are many and growing: instantly damaged reputations that erode years of credibility and trust with customers and investors, impaired profitability from customer attrition and increased operating costs, lost intellectual property, fines and litigation, and harm to a company’s people and culture.

Industrial Control Systems are Exposed: Breaking Down the Risks

The world had a security wake-up call recently. Organizations were alerted to nearly 100,000 exposed industrial control systems (ICS), potentially allowing an attacker to access and control physical infrastructure such as power grids, traffic light systems, security and water systems, and more. That’s not only a stark statistic but a critical call-to-action for organizations around the world.

10 Frequently Asked Supplier Risk Management Questions

Supply chain attacks are increasing. According to KPMG, 73 percent of organizations have experienced at least one significant disruption from a third-party in the last three years. These findings underscore the imperative of implementing a supply chain risk management program. But as your vendor portfolio grows, assessing your vendors for cyber risk can seem daunting and raises many questions.

Vendor Due Diligence Checklist: 5 Steps to Selecting a Third-Party

Third-party vendors can open the doors to growth and competitiveness, but they can also introduce operational, cyber, or financial risks. Whether you’re starting out or an established business, the process of selecting and onboarding a new vendor is a critical juncture that requires careful due diligence. But what information should you collect from your vendors, and how can you verify that it’s accurate?

New from SEC: Cybersecurity Final Rule on Reporting Hits Third Party Risk

In one of the most important cybersecurity regulatory developments in recent memory, the U.S. Securities and Exchange Commission (SEC) recently adopted new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies are required to disclose risks in their annual reports beginning on December 15, 2023.

Overcoming Cybersecurity Headwinds Part 3: Future Proofing Your TPRM Program

Welcome back to our Overcoming Cybersecurity Headwinds blog series—building on our latest webinar about third party risk with Marc Crudginton, CISO at Howard Hughes Corporation. In our previous blogs, we explored the wisdom of centralizing cyber risk management and automating third-party risk management (TPRM). Today, we will focus on future proofing your TPRM program.