Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![cybersecurity program](/sites/default/files/styles/4_3_small/public/2021/12/13/Cybersecurity%20Program%20Blog%20Drupal%20Sized-min.jpg.webp?itok=9ktdoCjJ)
Cybersecurity is a priority for any organization and a big-ticket budget line item. But before investments in security are made, your organization must understand what it is doing right and where improvements to your cybersecurity program are needed.
Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.
![cyber risk banner](/sites/default/files/styles/4_3_small/public/2021/12/08/cyber%20risk%20banner.jpg.webp?itok=FiIIwzUe)
You can’t reduce the cyber risks faced by your organization if you don’t know what you’re up against. That’s the purpose of a vulnerability probe.
![DNS Spoofing](/sites/default/files/styles/4_3_small/public/2021/12/02/DNS%20Spoofing.jpg.webp?itok=rpoPVA08)
There are many ways that a bad actor can infiltrate your IT infrastructure and begin sifting through your data. These vulnerable entry points are known as risk vectors and include insecure endpoints, unsupported mobile devices, unpatched systems, and more.
![workforce cybersecurity](/sites/default/files/styles/4_3_small/public/2023/06/07/Workforce%20cybersecurity.jpg.webp?itok=RwYpaw3C)
Work-from-home practices introduce significant cyber risk to any organization. Worryingly, Bitsight research discovered that remote office networks are 7.5 times more likely to have at least five distinct malware families on them than a corporate network.
As remote workforces become the norm, this should ring alarm bells for security leaders. When an employee uses a corporate device on a home network, malware can propagate to the corporate network. This is especially problematic given user behavior and the dynamics of home networks. In 52% of cases, corporate-issued devices are used by family members or trusted friends. These assets also share the same network as potentially insecure IoT devices such as alarm systems, smart TVs, refrigerators, and more.
![4 Best Practices for Supply Chain Cyber Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1544853236.png.webp?itok=ULRDHYQ7)
Cyber risk management should be a priority for any organization. And while there are many measures your business can take to reduce cybersecurity risk across the enterprise, how do you discover and remediate unknown risks that may be lurking in the networks of third parties?
![3 Ways CISOs Can Brief Executives and Board Members on Cybersecurity IT Governance](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1031044351.png.webp?itok=XEEozr6l)
Cybersecurity incidents are on the rise, and the monetary setbacks for victims are considerable. The average cost of a data breach in the U.S. has soared to nearly $8.6 million, and these costs are expected to grow by 15% over the next five years.
![4 Best Practices for Attack Surface Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_613167605_1.jpg.webp?itok=2WiePjlt)
Accelerated by the pandemic, digital ecosystems are expanding. New ways of working remotely and the rapid adoption of cloud technologies have increased the number of digital touch-points that employees interact with. Unfortunately, this expanded attack surface creates new points of exposure that make it difficult for security leaders to pinpoint where cyber risk exists, or when a risk is worth concern.
![Three Ways To Improve Your Cyber Risk Monitoring Tools](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1182594889_1.jpg.webp?itok=jmebBYdU)
Whether your organization is just beginning to develop your security performance management systems, or you already have a mature and established program in place, there is always room to innovate and improve the cyber risk monitoring tools you use.
![4 Must-have Best Practices for Better Vendor Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1421446100_1.jpg.webp?itok=_ZCHFpoo)
Vendor risk management is top of everyone’s mind in light of the recent SolarWinds supply chain attack and concerns around weak points in the COVID-19 vaccination supply chains. Both exemplify the need for organizations of all types to take steps to fortify their vendor risk management processes.
![3 Ways to Improve Your Vendor Lifecycle & Make it More Efficient](/sites/default/files/styles/4_3_small/public/migration/images/3%2520ways%2520to%2520improve%2520vendor%2520lifecycle%2520management%2520blog_1.jpg.webp?itok=709DHoAh)
In the dynamic and stressful workplace environment that 2020 has brought us, finding the most efficient ways to perform your job has never been more important. When it comes to managing your vendor lifecycle, there are three ways you can implement more efficient processes to save time and money for your business.
![3 Ways to Mitigate Cyber Risk in Temporary COVID-19 Hospitals](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_642880945_1.jpg.webp?itok=qqZviqNy)
As cases of COVID-19 have grown, a lack of capacity has led governments to erect temporary hospitals in our nation’s stadiums, parks, and convention centers.
![Guide: Fourth-Party Cyber Risk & Management](/sites/default/files/styles/4_3_small/public/migration/images/Fourth%2520party%2520blog%2520post_1.png.webp?itok=OWaBUUiV)
In today’s interconnected world, supply chains are growing exponentially. As a result, third-party risk has become a big focus for senior management. But what about the vendors that your suppliers rely on and the threat of fourth-party risk?
![3 Ways to Avoid the Top Causes of Data Breaches](/sites/default/files/styles/4_3_small/public/migration/images/3%2520Ways%2520to%2520Avoid%2520blog%2520post-1_1.png.webp?itok=Ny6AlRDp)
As the number and costs of cyber-attacks and data breaches continue to rise, more money is being thrown at the problem. IDC projects that by 2022, organizations will spend $133.8 billion to protect their IT infrastructures against cybersecurity threats.
![Software Risk Management: 3 Tips for Project & Product Managers](/sites/default/files/styles/4_3_small/public/migration/images/2.19-software-risk-management-tips-blog-image_1.jpg.webp?itok=3sztYmaO)
The development and deployment of software applications is inherently risky; a number of things can go wrong both during development and after launch. Project and product managers must stay aware of risks coming from a variety of areas, including:
![Quantifying Cybersecurity Risk: A Beginners Guide](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Asian-Business-Adviser-Meeting-226416148_1.jpg.webp?itok=Qb25yCDA)
In a 2017 survey of almost 1,300 CEOs conducted by PwC, 63% of respondents said they were “extremely concerned” about cyber threats — up from just 8% in 2013.