Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
How to Make More Informed, Data-Driven Security Decisions
Data can be the key to making more informed, strategic cybersecurity decisions — and ensuring you’re spending your security dollars effectively. In order to get the most out of your increasingly limited security resources and meet or surpass industry benchmarks, you need visibility into the relative performance of your security program — and insight into the cyber risk present across your ecosystem.
The Latest Cybersecurity Trends in State Government Entities
It should come as no surprise that the cybersecurity landscape has been changing dramatically throughout the year 2020. According to Bitsight research, up to 85% of the workforce in some industries has shifted to remote work in response to the COVID-19 pandemic — introducing corporate devices to a variety of new and evolving cyber threats. While malicious actors are taking advantage of this opportunity to advance their nefarious objectives, security teams are racing to adapt to our “new normal” operating environment so that they can continue to effectively mitigate risk across their growing attack surfaces.
Automation: The Key to Optimizing Your Risk Assessment Process
In response to the global COVID-19 pandemic, more employees have been working from home over the past several months than ever before. In fact, during the period of March 2020, we looked at a sample size of 41,000 organizations and found that up to 85% of the workforce in some industries had shifted to remote work.
The Competitive Advantage of a Strong Security Program
In today’s competitive marketplace, more and more companies are realizing that maintaining a good security posture is a crucial market differentiator — playing an essential role in their ability to earn customer trust and protect their brand reputation. In fact, as stated in a recent Forrester study commissioned by Bitsight, Better Security and Business Outcomes With Security Performance Management, “companies win and lose business based on both real and perceived security performance challenges — meaning security is now responsible for protecting, enabling, and even creating, revenue growth opportunities.”
Lessons Learned From The Garmin Cyberattack
In the cybersecurity industry we deal with news of breaches or potential threats nearly every day, but when you really think about it, it’s bizarre how little these events impact our everyday lives. Yes, they impact the professional lives of many and have serious business consequences, but perhaps one reason for the lack of urgency society seems to show on the issue is that these tend to be fairly low-visibility events for the average person. Even something like the Target or Capital One breaches happened at a remove for most people in the world, with little impact on our daily lives.
Discover and Mitigate Cyber Risk Across Your Cloud Environment
Did you know that the volume of attacks on cloud services more than doubled in 2019? According to the 2020 Trustwave Global Security Report, cloud environments are now the third most targeted environment for cyber attacks. While these incidents are on the rise, migrating to the cloud is no longer optional for many organizations, due to the widespread shift to remote work. In today’s ever-evolving, dynamic security landscape, mitigating risk effectively requires thorough cloud security monitoring and continued visibility into your expanding attack surface.
Enhance Vulnerability Mitigation With Security Performance Management
Did you know that 60% of breaches involve vulnerabilities for which a patch was available but not applied? Now, as business-targeted cyber attacks are on the rise, the ability to mitigate security vulnerabilities quickly and effectively is more important than ever. With malicious actors constantly on the hunt to discover any weaknesses within your infrastructure, it’s critical that you have the tools and insights you need to identify and defend against all possible exploits.
BitSight Data Highlights Vaccine Developer Vulnerabilities
As the biomedical community rushes to develop vaccines to combat COVID-19, malicious actors are seeking to steal the sensitive intellectual property that underpins treatment.
Take Your Threat Intelligence Insights to the Next Level
As your attack surface grows and the threat environment becomes increasingly complex, it’s more important than ever to take a risk-based approach to cybersecurity. By doing so, you can focus your limited resources on the areas that have the biggest impact on your security performance — empowering you to save time and money.
How Security Performance Management Fits Into Your Tech Stack
In our ever-evolving, dynamic cybersecurity landscape, new vulnerabilities are being exploited daily and potential threats can escalate very quickly. Expectations and standards of care are constantly in flux — and what constituted “adequate” security yesterday may not be enough today. As the attack surface continues to grow, it’s more important than ever that you can quickly identify and remediate cybersecurity gaps that exist within your infrastructure.
Secure Remote Work: New Threats Require a Shift in Policy and Training
Working from home introduces significant cyber risk to any organization. However, recent events reveal that it’s not a case of “if” but “when” bad actors will exploit the rampant vulnerabilities on home networks.
Russian Hackers Validate BitSight WFH Data
This week the New York Times released a report warning that a group of Russian hackers going by the name “Evil Corp” has been attempting to exploit the rampant vulnerabilities presented by the U.S. workforce shifting to working from home, raising fears that major U.S. brands, news organizations, or even election systems could be disrupted with ransomware attacks. The research, conducted by Symantec, revealed that 31 large U.S. corporations, including Fortune 500 companies and news organizations, have fallen victim to Evil Corp, and those are just the ones we know about.
Take Your Security Data to the Next Level
In today’s ever-evolving, increasingly complex threat landscape, it’s more important than ever to have the necessary insights and resources to make data-driven security performance management decisions.
Report Shows Cyber Attacks on Cloud Services Have Doubled
As cloud services increase in popularity, a worrying cybersecurity trend has emerged. According to the 2020 Trustwave Global Security Report, the volume of attacks on cloud services more than doubled in 2019 and accounted for 20% of investigated incidents. Although corporate and internal networks remain the most targeted domains, representing 54% of incidents, cloud environments are now the third most targeted environment for cyber attacks.
Shine a Light on Shadow IT
Over the last several years, Shadow IT has grown from a minor annoyance into a major threat to business operations. While the term is often used to refer to runaway tech spending by users in marketing, DevOps, or finance, it has in fact become a much larger issue that involves the very core of organizational infrastructure, with the potential to pose enormous cyber risk.