Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

kovrr

From Entities to Enterprise Risk: Kovrr's Portfolio Analysis

Apr 9, 2026 By Kovrr In Kovrr
Global enterprises, private equity firms, conglomerates, and other large-scale organizations may share a corporate umbrella, but the entities operating beneath it are far from uniform. Each functions with a distinct technology stack, industry context, and regulatory environment, which inherently means each carries a distinct cyber exposure. Understanding cyber risk at that higher organizational level, therefore, requires more than individual entity modeling.
Read Post
bitsight

The Future Is Cyber Risk Intelligence

Apr 9, 2026 By Jake Olcott In BitSight
Risk is expanding faster than most organizations can measure it, communicate it, and act on it. The convergence of AI, an ever-expanding attack surface, and deep, often hidden supply chain risks—extending into third-, fourth-, and fifth-party connections—all pose strategic and material risks to companies. Security leaders are ultimately looking for better ways to identify risk, prioritize action, and support stronger risk decisions across the entire business ecosystem.
Read Post
nucleus

You Can't Patch Your Supply Chain So Why Treat It Like a Vulnerability Problem?

Apr 7, 2026 By Doug Drew In Nucleus
For years, vulnerability management has followed a familiar pattern: discover assets, scan for CVEs, prioritize by severity, and remediate what you can. That model works, at least within the boundaries of systems you own. The problem is that most organizations no longer operate within those boundaries. Federal agencies especially depend on a complex ecosystem of SaaS platforms, software vendors, contractors, and open-source components.
Read Post
upguard

The Context Gap: How Nearly Half of Your Time is Lost to Investigation

Apr 6, 2026 By Shane Moosa In UpGuard
The classic tradeoff in cybersecurity has always been simple: more visibility at the cost of speed. But today, that tradeoff is breaking down. As attackers leverage AI to find and exploit vulnerabilities at unprecedented scale, the sheer volume of alerts is burying security teams. The result? An expanding exposure gap. It is taking longer than ever to triage and remediate threats, creating a dangerous window between when a tool pings and when a human in the SOC can actually take action.
Read Post

AI With Intention: Visibility Drives Action: Strengthening Cyber Risk Management with Better Data

Apr 3, 2026 By Bitsight In BitSight
As organizations shift to cloud services and third-party vendors, maintaining visibility and control over cyber risk has become increasingly complex. In this video, we explore one of the biggest challenges facing security leaders today: how to manage cyber risk without full visibility into your environment. Learn why visibility is critical to effective cybersecurity—and how the right data enables organizations to.
View Video

Data Sets the Course: Why Cyber Risk Management Starts with Better Data

Apr 3, 2026 By Bitsight In BitSight
The cyber risk landscape is evolving faster than ever—creating new challenges for organizations trying to maintain visibility and control. In this video, we explore why data is the foundation of effective cyber risk management. As risk becomes more dynamic and complex, organizations must be able to: Respond to threats as they emerge—not after the fact Without high-quality, actionable data, managing cyber risk simply isn’t possible.
View Video

Evolve With Your Vendors: Why Vendor Risk Changes Over Time-and What to Do About It

Apr 3, 2026 By Bitsight In BitSight
Vendor relationships don’t stay static—and neither does the risk they introduce. In this video, we break down a common misconception in third-party risk management: that vendor risk remains constant after onboarding. The reality? As vendors grow and their digital footprint expands, risk increases over time. Learn why organizations must move beyond point-in-time assessments and adopt a more modern approach to vendor risk management.
View Video

SecurityScorecard's Weekly Brief: The CISO Edition with Steve Cobb

Apr 3, 2026 By SecurityScorecard In SecurityScorecard
This is SecurityScorecard's Weekly Brief: The CISO Edition with SecurityScorecard's CISO Steve Cobb. Is it time to retire the vendor questionnaire and annual assessment routines? Not quite, but following face-to-face customer interactions and many forward-thinking speaking sessions at RSAC 2026, CISO Steve Cobb emphasizes the importance of reducing risk for TPRM programs, which is not achieved by completing a third-party risk assessment checklist alone.
View Video
bitsight

AI Integration Security: Why the Biggest Risk Is Not the Model

Mar 31, 2026 By Emma Stevens In BitSight
When people talk about AI security risks, the conversation usually starts with the model. Can it be jailbroken? Can someone get around the guardrails? Can an attacker make it say or do something it should not? Those are fair questions, but they are not the most important ones. The bigger risk is not the model on its own: it’s everything the model is connected to.
Read Post
bitsight

Ransomware with a Twizt: Inside the Phorpiex Botnet

Mar 31, 2026 By Threat Research Team In BitSight
Phorpiex, also known as Trik, is a resilient and long-running botnet with a history dating back to 2011. While it has grabbed some headlines, its sustained presence and adaptability make it a subject of ongoing concern for the cybersecurity community. Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.