Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
The SolarWinds supply chain attack discovered in late 2020 was a wakeup call for security managers across all industries. The hack is shaping up to be one of the most impactful attacks against a critical supply chain partner in history.
As if the COVID-19 pandemic wasn’t bad enough, the unpredictable events of 2020 created the perfect storm for a huge escalation in ransomware attacks.
In light of recent widespread breaches and security incidents, such as the cyber attack targeting SolarWinds, security and risk managers are under more pressure than ever to prove that their cybersecurity investments are actually paying off.
Not long ago, corporate executives would give only passing thoughts to their organization’s cybersecurity postures. Leadership and board members would take notice in the wake of a major data breach, for example, or a couple of times a year as a “check the box” exercise to maintain compliance with regulations. Overall, however, cybersecurity analytics didn’t really garner much attention.
Effective communication between different members of your team can make all the difference when it comes to maintaining your desired security posture and preventing massive cyber incidents. Reports can play a critical role in these communications, serving as the central mechanism through which to align on the most significant issues and make more confident, data-driven decisions.
In today’s “new normal” operating environment, you’re contending with a growing attack surface, limited resources, and an increasingly remote workforce — all at once. Given these conditions, it’s more important than ever to have a solid security performance management program in place.
Data can be the key to making more informed, strategic cybersecurity decisions — and ensuring you’re spending your security dollars effectively. In order to get the most out of your increasingly limited security resources and meet or surpass industry benchmarks, you need visibility into the relative performance of your security program — and insight into the cyber risk present across your ecosystem.
It should come as no surprise that the cybersecurity landscape has been changing dramatically throughout the year 2020. According to Bitsight research, up to 85% of the workforce in some industries has shifted to remote work in response to the COVID-19 pandemic — introducing corporate devices to a variety of new and evolving cyber threats. While malicious actors are taking advantage of this opportunity to advance their nefarious objectives, security teams are racing to adapt to our “new normal” operating environment so that they can continue to effectively mitigate risk across their growing attack surfaces.
Let’s face it: In order to get the most out of your limited time and resources, you need to rethink the traditional processes you have in place throughout your risk management program — from the initial discovery and assessment phases to ongoing performance monitoring. By finding new operational efficiencies in each stage, you can maximize your cybersecurity ROI and ultimately do more with less.
In response to the global COVID-19 pandemic, more employees have been working from home over the past several months than ever before. In fact, during the period of March 2020, we looked at a sample size of 41,000 organizations and found that up to 85% of the workforce in some industries had shifted to remote work.
In today’s competitive marketplace, more and more companies are realizing that maintaining a good security posture is a crucial market differentiator — playing an essential role in their ability to earn customer trust and protect their brand reputation. In fact, as stated in a recent Forrester study commissioned by Bitsight, Better Security and Business Outcomes With Security Performance Management, “companies win and lose business based on both real and perceived security performance challenges — meaning security is now responsible for protecting, enabling, and even creating, revenue growth opportunities.”
In the cybersecurity industry we deal with news of breaches or potential threats nearly every day, but when you really think about it, it’s bizarrely rare how little these events impact our everyday lives. Yes, they impact the professional lives of many and have serious business consequences, but perhaps one reason for the lack of urgency society seems to show on the issue is that these tend to be fairly low visibility events for the average person. Even something like the Target or Capital One breaches happened at a remove for most people in the world, with little impact on our daily lives.
Did you know that the volume of attacks on cloud services more than doubled in 2019? According to the 2020 Trustwave Global Security Report, cloud environments are now the third most targeted environment for cyber attacks. While these incidents are on the rise, migrating to the cloud is no longer optional for many organizations, due to the widespread shift to remote work. In today’s ever-evolving, dynamic security landscape, mitigating risk effectively requires thorough cloud security monitoring and continued visibility into your expanding attack surface.
Digital risk protection (DRP) solutions can be powerful operational tools for security analysts and threat researchers looking to identify and address existing cyber risk exposures quickly. While these solutions can provide valuable assessments, they focus on short-term outcomes rather than long-term ones. DRP tools are more tactical than strategic in nature — and often do not provide the necessary context to make informed business decisions.
Did you know that 60% of breaches involve vulnerabilities for which a patch was available but not applied? Now, as business-targeted cyber attacks are on the rise, the ability to mitigate security vulnerabilities quickly and effectively is more important than ever. With malicious actors constantly on the hunt to discover any weaknesses within your infrastructure, it’s critical that you have the tools and insights you need to identify and defend against all possible exploits.