Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Cyber risk reduction is emerging as one of the most significant issues organizations face when managing their cybersecurity. As digital ecosystems expand, it’s crucial that organizations have insight into their core digital assets and the level of risk present. To improve performance over time, it’s critical to have visibility into your attack surface across various environments. With as much as 75% of the workforce shifting to remote work in some industries, this visibility is more important than ever.
As the nation struggles to come to terms with the coronavirus and questions linger around our readiness for such a pandemic, government leaders are already grappling with the next potential catastrophe — a major cyberattack against the U.S.
As the world wrestles with the spread of the COVID-19 coronavirus, many businesses are instituting new work from home (WFH) policies to keep employees safe and do their part to help halt the rate of infection. While remote work has long been a reality for many employees and businesses, remote work on such a large scale is frankly unprecedented and has the potential to open entirely new problems for security teams. It may make already challenging but essential work more difficult, and will require a careful reexamination of long standing policies, systems, and procedures.
The Department of Defense (DoD) has one of the largest supply chains in the world, scaling to hundreds of thousands of different vendors and partners. Yet, these vital partners in our nation’s defense infrastructure pose a huge cyber risk.
As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on a day-to-day basis.
Back in 1990, Hollywood producers imagined a complex plot in which an army of mercenaries with malicious intent hack into and take over the air traffic control system at Washington Dulles International Airport. The result was the classic movie, Die Hard 2.
2020 is not only the beginning of a new year, but the start of a new decade, and with it comes the dawn of a new era for the digital world. We’re now in the midst of the once far-off, “futuristic” time periods old books and movies used to dream about. But does your security performance management strategy match the functionality of today’s technology?
No one wants to talk about their failures, especially in the cybersecurity realm where the stakes are high. But new insight from Symantec and Goldsmiths, University of London, finds that security professionals who have lived through a cybersecurity attack or breach could be the answer to protecting your organization against future threats.
Management consultants, accountants, public safety offices, marketing firms, and many more business and professional services organizations are high-value targets for cybercriminals due to the range of confidential client information they handle. Companies in this sector should all have solid security postures — and many do. But there’s still an alarming number of enterprises that do not.
A new report from the Information Security Forum (ISF) contains some fascinating insights into how hackers probe and exploit people's psychological vulnerabilities to gain access to corporate systems. From phishing to "whaling" (targeting high level executives) to "baiting" (offering something in return for credentials or information), hackers are using several tactics to gain a foothold. They also know the best time to deploy those tactics – at the end of the day, for example, when a person is tired and may not make the best decisions.
The old adage “it’s hard to find good help these days” has never been more true than when talking about security management. The well-documented cybersecurity shortage is very real, and the long hours and pressure experienced by those who are in charge of security performance management is causing stress and burnout.
In a new Forrester study commissioned by Bitsight, “Better Security And Business Outcomes With Security Performance Management”, key findings implicate the strong need for businesses worldwide to invest in a robust security performance management program. In fact, results from this study showed that companies using formal security metrics are more likely to have seen a 10% or greater increase in their security budget in the last year. Ultimately, this investment allows organizations to leverage this information to win business.
When it comes to managing your organization’s cybersecurity performance, understanding the business context in which you make decisions is key. By leveraging security ratings you can understand the efficacy of your current security program, identify control gaps and/or failures, and determine the best allocation of resources that will lead to overall process improvement. With this level of visibility, security and risk leaders can now lead more data-driven conversations around cybersecurity with internal and external stakeholders about important security initiatives and feel more confident in the investments they are making in their security programs.It’s critical that security leaders understand how to prioritize their efforts. Bitsight for security performance management allows you to easily examine the importance of an event based on both asset importance and event severity. And now with Bitsight’s new integration between the Asset Risk Matrix and the Bitsight Forecasting engine — any security team can quickly assess the expected impact of their efforts based on Bitsight’s recommended remediation plan.
If you’ve glanced at the opinion columns of security industry publications, you’ve probably seen the term “risk-based” floating around, as in “the time is now for a comprehensive, risk-based approach” or “a risk-based approach to security is key to business alignment."
Just a few weeks ago, Gartner released their list of “Top 10 Security Projects for 2019”, and named security ratings services as a business imperative.