InSights Blog

Learn how to protect your organization’s “crown jewels” with these do’s and don’ts of sensitive data sharing with vendors.

What is information risk management? Learn more about how the classic equation of threat x vulnerability x consequence helps inform your cybersecurity risk management strategy.

Is there a difference between cybersecurity vs. information security? Learn more about the distinctions between the two areas, where they overlap, and how both have evolved.

The Digital Operational Resilience Act is set to go into action in early 2022. Learn how BitSight can help your organization meet the compliance requirements.

Does your organization have a cybersecurity risk remediation plan? Follow these five tips for crafting one.

Cyber risk mitigation and remediation are often talked about in the same terms. But they are different. Learn how you can optimize both.

What does your organization consider an acceptable level of inherent cyber risk in its vendor portfolio? Learn how to establish that threshold and focus resources where they’re needed most.

Learn how to use cyber risk data to protect your organization and its financial assets.

Cybersecurity is a priority for any organization and a big-ticket budget line item. But before investments in security are made, your organization must understand what it is doing right and where improvements to your cybersecurity program are needed.

Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.

Five of the most critical vendor evaluation tools that you should have in your cybersecurity risk management toolkit.

You can’t reduce the cyber risks faced by your organization if you don’t know what you’re up against. That’s the purpose of a vulnerability probe.

There are many ways that a bad actor can infiltrate your IT infrastructure and begin sifting through your data. These vulnerable entry points are known as risk vectors and include insecure endpoints, unsupported mobile devices, unpatched systems, and more.

You've worked hard all year to prioritize your organization's resources to tackle the riskiest vulnerabilities in your cybersecurity program. But when you bring your progress to the board of directors, excited to demonstrate your success, your reports about patched network configurations, DNS configurations, botnet sinkholes, and more are met with blank stares.

Work from home practices introduce significant cyber risk to any organization. Worryingly, BitSight research discovered that remote office networks are 7.5 times more likely to have at least five distinct malware families on them than a corporate network.

As remote workforces become the norm, this should ring alarm bells for security leaders. When an employee uses a corporate device on a home network, malware can propagate to the corporate network. This is especially problematic given user behavior and the dynamics of home networks. In 52% of cases, corporate-issued devices are used by family members or trusted friends. These assets also share the same network as potentially insecure IoT devices such as alarm systems, smart TVs, refrigerators, and more.

While the ongoing wave of digital transformation opens exciting opportunities for innovation, it also widens your attack surface.