Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The cybersecurity community woke up on Thursday to news of a cyberattack on Sisense, a major business analytics software company. It’s thought that the breach may have exposed hundreds of Sisense’s customers to a supply chain attack and provided the attacker with a door into the company’s customer networks.

Assessing cybersecurity risks is critical for identifying vulnerabilities in your systems that can potentially lead to data breaches, financial loss, reputation damage, legal liabilities, and other negative consequences. Knowing your weaknesses will help you take proactive measures to protect your sensitive information, comply with relevant regulations, and ensure business continuity.

As communicated in January, Bitsight will conduct a ratings algorithm update (RAU) on July 10, 2024, as part of our ongoing efforts to optimize our methodology to provide the best external indicator of the performance of cybersecurity controls. Today, we’re excited to announce that our 2024 RAU is available to preview in the Bitsight applications.

The role of the Chief Information Security Officer (CISO) or Security Leader has undergone a transformation as profound as the threats we face. Between new regulations such as SEC, NIS2, and DORA, the explosion of generative AI, and the rapidly expanding attack surface, the burden is now on cybersecurity leaders to not only protect the organization but build confidence with customers, regulators, board members, and other stakeholders. The key to building trust? Storytelling.

In the latest G2 Spring Report, UpGuard ranked as the leading third-party and supplier risk management solution. G2 also recognized UpGuard as a market leader in third-party risk management (TPRM) for the seventh consecutive quarter, reaffirming UpGuard’s continued excellence and commitment to providing world-class cybersecurity solutions to global mid-market and enterprise organizations.

The ongoing cyberattack on Change Healthcare, a major player in medical claims processing in the United States, had profound repercussions across the healthcare sector. With the company forced to disconnect over 100 systems, medical claims processing ground to a halt. This disruption, termed by the president and chief executive of the American Hospital Association as “the most serious incident of its kind” in healthcare, brought many medical providers to the brink of closure.

In light of the SEC's cybersecurity disclosure regulations in the US and NIS2 in Europe, corporate executives and institutional investors are facing a pressing need to align their expectations and improve understanding around cybersecurity risk management. The evolving threat landscape and regulatory environment highlight the importance of cohesive strategies to measure, prioritize, mitigate, and communicate cyber risks effectively.

SecurityScorecard STRIKE threat researchers discovered 12 zero-days in customer environments in the last year. Attacks are increasingly targeting third-party software. The zero-day vulnerability that emerged in Progress Software’s MOVEit Transfer product last year was a stark reminder of the real-world impact of such vulnerabilities. It wreaked havoc on businesses and governments worldwide, with cyber criminals exploiting it since May of 2023.