Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Lessons Learned From the New Court Ruling on the Capital One Breach](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_230526010_1.jpg.webp?itok=ruU0JiwT)
Last year’s Capital One data breach ranks as one of the largest confirmed breaches ever, exposing the personal data of more than 100 million Capital One customer accounts stored in the cloud.
![5 Ways to Justify Security Investments in the Face of Budget Cuts](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_753656569_1.jpg.webp?itok=xG_Vffa1)
For years cybersecurity spending has experienced stratospheric growth. Then COVID-19 hit and forecasts took a grim turn.
![How Automation Helps Security Teams Adjust to the Work-from-Home SOC](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_669226183_1.jpg.webp?itok=HaR4-SZV)
While many companies have succeeded in creating a sustainable remote workforce, this “new normal” environment remains particularly challenging for security operations teams. Accustomed to working in a physical security operations center (SOC), where collaboration and teamwork are key, security teams must find ways to operate efficiently while working from home.
![The 2020 Verizon DBIR: If Nothing Changes, Then Nothing Changes](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1136227238_1.jpg.webp?itok=r9NGb8CC)
This week the 13th edition of the Verizon Data Breach Investigations Report (DBIR) was released, which is usually a hallmark event of the cybersecurity world. As we have been in previous years, Bitsight is proud to be a data contributor to the report. After taking some time to give it an initial read through, however, one thing stood out loud and clear to us: how little has changed after 13 years.
![4 Ways to Mitigate Cyber Risk as Hackers Target COVID Researchers](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_761873584_1.jpg.webp?itok=O9iu1LE0)
As the U.S. biomedical community rushes to combat COVID-19, the FBI announced last week that, in a bid to win the race for a vaccine or cure, state-sponsored Chinese hackers are targeting U.S. researchers in an attempt to “obtain valuable intellectual property and public health data related to vaccines, treatments, and testing.”
![The Shifting Role of the Security Professional: Doing More With Less](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_384090190_1.jpg.webp?itok=IQSITf83)
The COVID-19 outbreak has seen the roles of many cybersecurity professionals change — and many worry what it will mean for protecting their organizations from attacks.
![BitSight Research Reveals Vulnerabilities in Point of Sales Systems](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1263203356_1.jpg.webp?itok=DUHPXoJ-)
When people talk about cybersecurity risks, the first area that normally comes to mind is malware. Some might even consider it the worst event that can happen, as it normally indicates that a malicious actor has already bypassed the layers of security and now has free rein to do what they want. The circumstances that led to the compromised systems, however, often tell a larger story. Issues like EternalBlue and BlueKeep require prompt response by system administrators in order to minimize the risk posed to their attack surface. Vulnerabilities often represent unpredictable changes to an organization’s attack surface that increase the risk of breach and compromise, and the organization has to react accordingly based on its response plans and internal processes.
![Pre-installed Android Threats: Data Insights](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_590576420_1.jpg.webp?itok=USgZm_Cj)
We used to think of malicious software — or malware as it’s more commonly known — as a threat to laptops and desktop computers. But as we are increasingly using mobile devices for many important things in our daily lives such as banking, cybercriminals are targeting smartphones and tablets more often. Consequently, Apple iOS and Android, which are the most popular mobile operating systems, have become targets for cybercriminals. Android still remains the most targeted because it has more market share and it’s open source, contrary to its direct competitor.
![The Long-term Impact of COVID-19: How Security Leaders Can Adapt](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_638403709_1.jpg.webp?itok=bfxaJMrL)
In a matter of weeks, the COVID-19 pandemic has established a “new normal” in society. But it has also rapidly shifted the business of cybersecurity.
![Identifying Unique Risks of Work from Home Remote Office Networks](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1056112217%2520%25281%2529_1.jpg.webp?itok=CSEeGyZQ)
During the period of March 2020, we looked at a sample size of 41,000 US-based organizations to understand the difference between corporate networks and Work From Home-Remote Office (WFH-RO) networks from a cyber-risk perspective.
![Collaboration Tools Expose the Remote Office to New Vulnerabilities](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_302508602_1.jpg.webp?itok=zda-wyQG)
As the COVID-19 pandemic sees millions of employees shift to a work-from-home model, collaboration tools like Zoom and Slack have never been more critical or popular. Zoom is currently experiencing a 378% year-over-year growth in its daily active user count and was downloaded 2.13 million times in a single day as lockdowns went into effect worldwide.
![Coronavirus Pandemic Leads to New and Evolving Cyber Threats](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_222984970_1.jpg.webp?itok=stQwlLIz)
Over recent weeks, the ongoing spread of the COVID-19 coronavirus has had a major impact on the global economy and how businesses operate as a whole. More and more organizations are moving to a mandated work from home (WFH) model to help limit the spread of the virus — introducing a variety of unique and constantly evolving challenges for security leaders when it comes to mitigating cyber risk.
![Coronavirus Pandemic Highlights Government Cyber Vulnerabilities](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_669226093_1.jpg.webp?itok=Uc-L7bZo)
As citizens adjust their daily lives to reduce the chances of catching or spreading COVID-19, the risks associated with the pandemic are extending beyond a national health and economic crisis. Cyberthreats, including phishing scams, spam, and other attacks against organizations are spiking by as much as 40% as bad actors seek to take advantage of global uncertainty and anxiety, according to new data from CNBC.
![Lack of Cyber Metrics Hamper U.S. Ability to Respond to Cyberattacks](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1218735091_1.jpg.webp?itok=B59XqqBM)
As the nation struggles to come to terms with the coronavirus and questions linger around our readiness for such a pandemic, government leaders are already grappling with the next potential catastrophe — a major cyberattack against the U.S.
![ElevenPaths CyberSecurity Report Outlines Cyber Risk Ratings by Sector](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1096465133_1.jpg.webp?itok=3PxCiRhW)
ElevenPaths, Telefonica’s Cybersecurity Unit, recently released a new report that summarizes the latest cybersecurity insights from the second half of 2019 — covering everything from relevant incidents and vulnerabilities to cyber risk ratings by sector. The information presented is mostly based on the collection and synthesis of internal data that has been contrasted with public information from high-quality sources, including Bitsight Security Ratings.