While most security teams now have systematic processes in place for identifying vulnerabilities and responding to targeted threats, large-scale security incidents that affect many organizations globally are now an increasingly common occurrence. The Crowdstrike outage in July, while not specifically a security incident, demonstrated how targeted breaches or failures in our security infrastructure can have a ripple effect across entire industries and disrupt critical aspects of everyday life.

As a modern CTO, it should probably come as no big surprise that I’m an optimist on the innovative prospects of artificial intelligence (AI). But I’ve been in this career for a long time, and that optimism is tempered with experience. I’ve seen enough emerging technology patterns to know that it always takes a lot more time and resources than people think to evolve innovative technologies beyond their final barriers.

As we discussed in the first article in this series, there are many Internet-exposed control systems, but they are very different from traditional IT systems and require a different security approach. With these systems being so critical and controlling processes that can potentially lead to loss of life if they fail, what is being done to tackle this issue? In this article I’ll dive into this and more, looking at.

Security reviews of third-party vendors are now an essential element of an effective governance, risk, and compliance (GRC) function. After all, there have been numerous examples in recent years of organizations with an otherwise strong security posture falling victim to threats that originated with supply chain partners. But whether you are on the sending or receiving end of a security review, completing the process can be time-consuming and inefficient.

This is a continuation of the series on web application security. If you haven't already read through part 1, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: how do browsers know which site set the cookies in the first place? And what constitutes the same site?

In recent years, Telegram has emerged as a popular messaging platform among cybercriminals, driven by its combination of simplicity, security, and efficiency. Telegram's encrypted messaging capabilities, real-time communication, and the ability to send large data files make it an ideal platform for cybercriminal activities, making it an attractive alternative to traditional underground forums.

Organizational cyber risk is notoriously difficult to quantify. Determining the impact of investments made by cyber security teams to reduce it is even tougher.

Writing reliable and user-friendly web applications takes significant knowledge, skill, and experience; writing secure web applications introduces a whole new level of complexity.

As in many companies around the world, Bitsight leadership believes that adoption and innovation through the use of artificial intelligence (AI) capabilities is crucial to the future of our company. From the top down, our employees are continually on the hunt for ways to leverage AI to improve business outcomes and customer productivity.

The speed at which vulnerabilities are detected and addressed can drastically impact an organization’s likelihood of suffering a security incident. Recently, Bitsight demonstrated how its investments in product fingerprinting and CVE mapping allowed it to identify and surface assets potentially impacted by a set of critical vulnerabilities in the CUPS printing system in under 24 hours.