Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Get Ready For Ransomware Season
As retailers and consumers across the country begin gearing up for the 2019 holiday shopping season, hackers are also preparing for the days between Thanksgiving and Christmas. And all signs point to ransomware as their preferred method of attack.
Control and Accountability: The New Watchwords for Regulatory Compliance
The regulatory environment is evolving rapidly as national and international regulatory bodies attempt to keep pace with changing business models, technology infrastructure and continuously escalating cyberthreats.
New Study: Why Cybersecurity Breach Survivors Are Your Firm’s Most Valued Asset
No one wants to talk about their failures, especially in the cybersecurity realm where the stakes are high. But new insight from Symantec and Goldsmiths, University of London, finds that security professionals who have lived through a cybersecurity attack or breach could be the answer to protecting your organization against future threats.
BitSight Study: Just How Secure is the Business Services Sector?
Management consultants, accountants, public safety offices, marketing firms, and many more business and professional services organizations are high-value targets for cybercriminals due to the range of confidential client information they handle. Companies in this sector should all have solid security postures — and many do. But there’s still an alarming number of enterprises that do not.
Airbus Incident Shines Spotlight on Third-Party Vendor Security Risks
2019 has been a year of high-profile attacks, and, as we predicted, it’s only getting worse. That’s certainly the case for Airbus.
Social Engineering: How Attackers Exploit People's Vulnerabilities
A new report from the Information Security Forum (ISF) contains some fascinating insights into how hackers probe and exploit people's psychological vulnerabilities to gain access to corporate systems. From phishing to "whaling" (targeting high level executives) to "baiting" (offering something in return for credentials or information), hackers are using several tactics to gain a foothold. They also know the best time to deploy those tactics – at the end of the day, for example, when a person is tired and may not make the best decisions.
What Boards of Directors Are Missing about Cybersecurity
Cyberattacks have increased significantly in recent years, bringing vital conversations about cybersecurity into the Boardroom. As Board oversight of cybersecurity has increased, Board members — even those without technical expertise — have had to become rapidly acquainted with IT risk and security concepts. In the past few years, frameworks and best practices have emerged to help these Boards get a grip on their organization’s cybersecurity posture.
As the Capital One Breach Proves, Effective CISO Leadership Starts with Culture
As the fallout from the Capital One data breach continues, new lessons are being learned. Although technical failings were at the heart of the breach, a recent article in The Wall Street Journal points to a series of overlooked issues that produced perfect storm conditions for the attack.
SOC Stress: The Security Threat That Nobody is Talking About
Stress and burnout are emerging as perhaps the biggest threat to corporate security. Long hours, alert overload, and a lack of visibility into their IT infrastructure have many security professionals reconsidering their chosen careers.
It’s Time for CISOs to Take a Seat at the Table
It doesn’t matter what business you’re in — cybersecurity has become extremely important to both your organization’s reputation and its bottom line. According to reports, the average cost of a data breach is $3.86 million.
CISOs Are Burning Out: Here’s How to Fix It
Everyone experiences stress in their jobs, but security leaders may have it worse than most. According to Dark Reading, 60% of CISOs admit they rarely disconnect from work, while 88% work more than 40 hours per week. It’s no surprise that 51% of tech executives experience stress-related illnesses as a result of cyberattacks, tech outages, and breaches – a number that increases to 56% among CTOs and CIOs.
Equifax Data Breach Settlement is a Warning Shot to Businesses Everywhere
The summer of 2019 is proving to be a cybersecurity record breaker – for all the wrong reasons. In the past two weeks, businesses in Europe and the U.S. were levied massive penalties after probes into data breaches that left consumer data exposed.
An Update on the State of Cyber Risk in Spain
Today ElevenPaths, the Telefónica Group’s global cybersecurity unit, released a report highlighting cybersecurity trends for the first half of 2019. As a follow-up to a November 2018 report, ElevenPaths again takes a close look at how cybersecurity is trending in Spain and compares statistics for Spain against the whole of Europe.
Report: Cybersecurity Skills Shortage Requires Different Approach
If your organization is grappling with a tight cybersecurity talent pool, you’re not alone. According to Gartner, 61% of organizations struggle to hire security professionals. It’s a problem that’s only going to get worse. The Harvard Business Review predicts that, by 2020, there will be more than 1.5 million unfilled cyber positions worldwide.
New Iranian Cyber Warfare Puts U.S. Networks at Risk
As tensions between the U.S. and Iran continue to heat up, a cyber war is already underway between the two nations.