
BitSight

Evidence-Based Strategies to Lower Your Risk of Becoming a Ransomware Victim

The ransomware trend continues to run rampant. One in four breaches involve ransomware, and organized crime actors use ransomware in more than 62 percent of incidents. Cyber criminals are taking advantage of these new opportunities to exploit a greatly expanded attack surface. But ransomware is only one small piece that a security leader has to manage. The threat of ransomware is compounded by a distributed workforce, trends toward technology consolidation, geopolitical upheaval, and budget constraints.

Cybersecurity Risk Assessment Tools You Can Use Year-Round

When it comes to improving cybersecurity at your organization, there are some fixes that you can undertake with very little preparation. More robust risk remediation efforts, however, usually start with a cybersecurity risk assessment. These assessments are commonly offered by third-party consultants, sometimes as a stand-alone service and sometimes as the first step in a larger end-to-end cybersecurity engagement.

5 Cyber Threat Prevention Strategies to Protect Your Growing Digital Footprint

Every cybersecurity leader is looking for best practices to prevent cyber threats and cyberattacks. Chief among them is a relentless focus on cyber hygiene—the practice of maintaining the cyber health of your digital infrastructure. Good cyber hygiene significantly lowers the chance of cyber incidents. Indeed, a Bitsight study found that poor cyber hygiene, as determined by an organization’s security rating, increases the risk of a ransomware attack by 4.6 times.

What is a Third-Party Data Breach?

A data breach is an IT security incident where data is compromised or stolen from a system without the knowledge or authorization of its owner. But what happens when a third party is involved? Stolen data may include sensitive, proprietary, or confidential information such as credit card numbers, trade secrets, and customer or patient data. Third-party breaches cost companies of all sizes millions of dollars every year.

How to Establish a Cybersecurity Baseline That Works for Your Organization

A cybersecurity baseline is an invaluable set of standards for your organization. It helps you understand your security posture, identify security gaps, and meet cybersecurity regulations. The most widely adopted cybersecurity baselines are those recommended by the NIST Cybersecurity Framework, the SANS Top 20 Critical Security Controls, and Shared Assessments (designed for third-party risk management). We covered the specifics of these frameworks in a previous blog.

5 Tips for Crafting a Cybersecurity Risk Remediation Plan

With the new year upon us, now is the ideal time to re-evaluate your cybersecurity controls and your cybersecurity risk remediation strategy. Do you have a plan for cybersecurity risk remediation? Has this plan outlined who needs to be involved? How are you being notified of risks? Is there a process in place to identify and prioritize the riskiest threats for rapid remediation? This year, plan ahead for evolving cybersecurity threats and follow these five tips for crafting a risk remediation plan.

More Network Security Monitoring Tools Doesn't Mean More Visibility

Network security monitoring tools are a critical component of any IT security toolkit. These tools help protect your network from online threats by looking for weaknesses and potential dangers in your organization's digital properties. But as digital ecosystems have expanded into the cloud, remote locations, and across geographies, the number of monitoring tools has skyrocketed.

7 Vendor Risk Assessment Tips

Organizations rely on dozens or hundreds of third-party vendors every day to provide strategic services. Due to the increased reliance on outsourcing, the need to automatically and continuously monitor and manage vendors is not an option—it’s a business imperative. As the frequency and severity of third-party data breaches continue to escalate, your organization must remain vigilant so it can effectively protect its network and data from cyberattacks.

Cyber Risk Protection and Resilience Planning for Boards

Cybersecurity is a top risk for corporate directors to understand and navigate. The implications of cyber events for a company are many and growing: instantly damaged reputations that erode years of credibility and trust with customers and investors, impaired profitability from customer attrition and increased operating costs, lost intellectual property, fines and litigation, and harm to a company’s people and culture.

MITRE System of Trust Framework for Supply Chain Security

Supply chain security has been a top concern for risk management leaders ever since the high-profile attacks on SolarWinds and Log4j took place. While there's no one-size-fits-all way to identify, assess, and manage cyber risks in the supply chain, MITRE's System of Trust Framework offers a comprehensive, consistent, and repeatable methodology for evaluating suppliers, supplies, and service providers alike.