Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![count_ip vs country](/sites/default/files/styles/4_3_small/public/2022/02/04/count_ip%20vs.%20country.png.webp?itok=Zs9j0V9Y)
Bitsight has been collecting FluBot infection telemetry data since March 2021. In total, we have identified 1.3 million IPs used by infected Android devices. Of them, over half (61%) are in Germany and Spain. Additionally, we are tracking an increase in IPs over time, which likely indicates an increase in infected devices.
![Cybersecurity in banking, showing people using contactless banking](/sites/default/files/styles/4_3_small/public/2022/01/24/3%20Cybersecurity%20Banking%20Trends%202022%2C%20Sized.jpg.webp?itok=h3nTzMiz)
Rapidly evolving risk and the digitization of banking are creating new threats. Here are three cybersecurity-in-banking trends to watch this year.
![Mobile Application Risk Report Cover 2021](/sites/default/files/styles/4_3_small/public/2022/01/20/Mobile%20Application%20Risk%20Report%20Cover.png.webp?itok=z3scQxPf)
As internet use continues moving toward a mobile-centric experience, it has become essential to consider mobile applications when crafting a security strategy. Bitsight’s latest research demonstrates exactly why. We are excited to announce that Bitsight Insights: Mobile Application Risk Report is available now.
![cybersecurity program](/sites/default/files/styles/4_3_small/public/2021/12/13/Cybersecurity%20Program%20Blog%20Drupal%20Sized-min.jpg.webp?itok=9ktdoCjJ)
Cybersecurity is a priority for any organization and a big-ticket budget line item. But before investments in security are made, your organization must understand what it is doing right and where improvements to your cybersecurity program are needed.
Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.
![workforce cybersecurity](/sites/default/files/styles/4_3_small/public/2023/06/07/Workforce%20cybersecurity.jpg.webp?itok=RwYpaw3C)
Work-from-home practices introduce significant cyber risk to any organization. Worryingly, Bitsight research found that remote office networks are 7.5 times more likely than corporate networks to host at least five distinct malware families.
As remote workforces become the norm, this should ring alarm bells for security leaders. When an employee uses a corporate device on a home network, malware can propagate to the corporate network. This is especially problematic given user behavior and the dynamics of home networks. In 52% of cases, corporate-issued devices are used by family members or trusted friends. These assets also share the same network as potentially insecure IoT devices such as alarm systems, smart TVs, refrigerators, and more.
![cybersecurity Third Party Services](/sites/default/files/styles/4_3_small/public/2023/06/08/cybersecurity%20Third%20Party%20Services.jpg.webp?itok=YFITlB3Y)
To serve your customers and realize efficiencies, your organization may work with dozens if not hundreds of third parties including partners, vendors, cloud service providers, and subcontractors.
![The BitSight and Moody's Partnership: A New Era For Cybersecurity](/sites/default/files/styles/4_3_small/public/migration/images/facebook-moodys-image-min_2.jpg.webp?itok=Sg6_IOaw)
Cyber risk is one of the biggest threats to global commerce in the 21st century.
![4 Critical Success Factors for Effective Security Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_791606470.png.webp?itok=d5lyQ1m2)
With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management is greater than ever. When cyber risk is managed more effectively, you can focus on innovation and driving business growth.
![How to Make a Successful Case for Cybersecurity Funding](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1548797354.png.webp?itok=Jxuqz1Bg)
With cyberattacks on the rise, security investments are more important than ever. Still, the pandemic has forced many organizations to reconsider how they allocate their IT dollars. Between the new work-from-home paradigm and the increasingly global nature of many modern workplaces, CIOs have had to accelerate investments in cloud solutions and remote technology.
![What’s Most Notable in Biden’s Cybersecurity Executive Order?](/sites/default/files/styles/4_3_small/public/migration/images/Digital%2520American%2520Flag_1.png.webp?itok=g9t4_ERi)
In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 12, 2021.
Overall, the EO starts to fill in some critical gaps in US government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but will also have significant impact on private sector service providers (e.g. software providers) who will now be required to meet new security requirements in order to do business with the U.S. government.
![BitSight Observations Into Hafnium Part Four: Who Is Still Vulnerable?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1651775455_2.jpg.webp?itok=-ESfJPLc)
The unfolding Hafnium attack is the latest in a trend of cyber events that is redefining enterprise cyber security. CISOs are starting to recognize that enterprise security now means "me and all my suppliers": the combination of first- and third-party cyber risk is enterprise risk. NotPetya demonstrated that compromising a small accounting-software vendor could cost a firm like Merck over $1B in damage.
![Should Security Ratings Require Independent Verification?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_620211089_2.jpg.webp?itok=K0bAEtQF)
As a recent Forrester report highlighted, there are many cybersecurity ratings available. Security ratings have a valuable place in your overall cyber risk mitigation strategy, for many reasons.
![BitSight Is A Partner for Cybersecurity In Law Enforcement](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_657163924_1.jpg.webp?itok=jba_5rYp)
You can tell a lot about someone by the company they keep, and the same goes for your security ratings partner. All security ratings are not created equal.
![Three Things You Should Ask Your Security Ratings Partner](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1820093804_1.jpg.webp?itok=kpOlHghv)
Bitsight was recently named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q1 2021. As the creator of the category and its largest vendor by market presence, we were honored to be recognized, and to be the only vendor recognized for having a differentiated product roadmap and go-to-market strategy.
![4 Must-have Best Practices for Better Vendor Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1421446100_1.jpg.webp?itok=_ZCHFpoo)
Vendor risk management is top of everyone’s mind in light of the recent SolarWinds supply chain attack and concerns around weak points in the COVID-19 vaccination supply chains. Both exemplify the need for organizations of all types to take steps to fortify their vendor risk management processes.