Insights blog.

This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.

Cybersecurity is always changing, and it's up to CISOs to keep up with the times. There are plenty of blogs and newsletters offering information on new developments in data security, but not all of them are worth following. 

Are you aware of the risks involved in doing business with parties sanctioned by the Office of Financial Assets Control (OFAC)?

The chief information officer (CIO) has traditionally owned IT security — and in recent years, cybersecurity has become a larger part of the modern CIO’s responsibility. Cybersecurity is a company-wide issue — and it’s everyone’s responsibility to manage it appropriately — but today, the CIO must act as a steward for the data and ensure that the right controls and processes are in place for data security.

Traditional supply chain risk management strategies are becoming increasingly unsound amid the rise of unorthodox threats. These evolving supply chain risks require organizations to not only rethink supply chain risk but to act accordingly. Every organization should form a cyber supply chain risk management strategy for the modern era.

Passwords are only as strong as we make them. Explore the findings of our research around password usage and get the top tips on password security.

A quick list of Android vulnerabilities as outlined and catalogued by CISA.

Financial services is a wide industry, encompassing banks, insurance companies, investment firms, analysts, consultants, and many more. We’ve found financial services to be one of the best performing sectors in terms of cybersecurity. We’ve been able to pinpoint a handful of basic facts, ideas, and principles that make the financial sector so successful at cybersecurity, and we’ve outlined those “pillars” below. Take a look!

A quick list of Apple vulnerabilities as outlined and catalogued by CISA.

The payment card industry (PCI) has long been a Holy Grail target for bad actors for obvious reasons. Visa, Mastercard, and American Express account for the bulk of the consumer financial activity in the United States. Breaching them would be an unimaginable windfall for hackers--and, undoubtedly, an unmitigated disaster for the world’s economy. 

The process of removing an association with a CIDR range can be time consuming and frustrating; in light of this, Bitsight has created a program to facilitate and simplify the process.

We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, their evolution, and what targets are they focused on at the moment.

Hardly a day goes by without the emergence of a disturbing new trend in cyber crime or headline-grabbing hack. Hackers are getting smarter and threat vectors are constantly evolving. The escalating threat is forcing businesses to file more cyber insurance claims than ever. But are they taking the proactive steps necessary to boost their security postures and become a better underwriting risk?

Taking back control of your network in light of hackers’ growing sophistication can be time-consuming. Even well-established organizations with money to spend on solid cybersecurity programs are still falling victim to some of the new sneaky breach attempts, as seen with this year's ransomware attacks.

But as your digital infrastructure expands, understanding where cyber risk lies hidden can be challenging. In this increasingly diverse environment, your security team ends up buried in a sea of data and alerts — and may end up missing something important. They are also hopping between multiple tools and lack a complete picture of your company’s security posture.

Rather than play whack-a-mole with threats, here are three reasons you should focus on attack surface scanning to mitigate risk.

Bitsight and Google have collaborated to study global organizational performance across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework.