Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
You Can’t Secure What You Can’t See
In the world of cybersecurity, there’s one ultimate truth that applies in every scenario: You can’t secure what you can’t see. Making informed, comparative decisions about your digital ecosystem requires you to understand where all your critical assets live — and any inherent risks present there. With as much as 75% of the workforce shifting to remote work in some industries, this visibility is more critical than ever.
Don't Think Migration to the Cloud is a Risk? Think Again.
The cornerstone of digital transformation is the migration of apps and data to the cloud. There are obvious benefits to doing this. Businesses become more nimble and agile, and the cost of maintenance and development is off-loaded to a third party. The benefits are so profound that, as of 2019, 84% of businesses used cloud-based SaaS (software as a service) apps.
The Most Useful and Impactful Security Metrics Every CISO Should Have
Security leaders are increasingly making their cases through metrics. Data-driven measurement of cybersecurity performance can be used to justify spending, quantify risk, and more.
Is Your Reputation at Stake?
It’s often said that our reputation precedes us. When it comes to the damage that can be done by a cybersecurity incident, that couldn’t be more true. In today’s security-focused world, a single breach can dramatically impact the public perception of your organization, ultimately leading to a loss of business and a hit to your bottom line.
Reduce the Risk in Your Digital Ecosystem
Cyber risk reduction is emerging as one of the most significant issues organizations face when managing their cybersecurity. As digital ecosystems expand, it’s crucial that organizations have insight into their core digital assets and the level of risk present. To improve performance over time, it’s critical to have visibility into your attack surface across various environments. With as much as 75% of the workforce shifting to remote work in some industries, this visibility is more important than ever.
Lack of Cyber Metrics Hamper U.S. Ability to Respond to Cyberattacks
As the nation struggles to come to terms with the coronavirus and questions linger around our readiness for such a pandemic, government leaders are already grappling with the next potential catastrophe — a major cyberattack against the U.S.
Novel Coronavirus Brings New Challenges For Security Teams
As the world wrestles with the spread of the COVID-19 coronavirus, many businesses are instituting new work-from-home (WFH) policies to keep employees safe and do their part to help halt the rate of infection. While remote work has long been a reality for many employees and businesses, remote work on such a large scale is frankly unprecedented and has the potential to open entirely new problems for security teams. It may make already challenging but essential work more difficult, and will require a careful reexamination of long-standing policies, systems, and procedures.
Hackers Target Defense Contractors in an Effort to Reach the Pentagon
The Department of Defense (DoD) has one of the largest supply chains in the world, scaling to hundreds of thousands of different vendors and partners. Yet, these vital partners in our nation’s defense infrastructure pose a huge cyber risk.
Mitigating Risk in Your Expanding Digital Ecosystem
As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on a day-to-day basis.
New Study Reveals Cybersecurity Risks in the World’s Largest Airports
Back in 1990, Hollywood producers imagined a complex plot in which an army of mercenaries with malicious intent hack into and take over the air traffic control system at Washington Dulles International Airport. The result was the classic movie, Die Hard 2.
Forecasting and Advanced Analytics: Building a Solid Security Strategy For 2020
2020 is not only the beginning of a new year, but the start of a new decade, and with it comes the dawn of a new era for the digital world. We’re now in the midst of the once far-off, “futuristic” time periods old books and movies used to dream about. But does your security performance management strategy match the functionality of today’s technology?
New Study: Why Cybersecurity Breach Survivors Are Your Firm’s Most Valued Asset
No one wants to talk about their failures, especially in the cybersecurity realm where the stakes are high. But new insight from Symantec and Goldsmiths, University of London, finds that security professionals who have lived through a cybersecurity attack or breach could be the answer to protecting your organization against future threats.
BitSight Study: Just How Secure is the Business Services Sector?
Management consultants, accountants, public safety offices, marketing firms, and many more business and professional services organizations are high-value targets for cybercriminals due to the range of confidential client information they handle. Companies in this sector should all have solid security postures — and many do. But there’s still an alarming number of enterprises that do not.
Social Engineering: How Attackers Exploit People's Vulnerabilities
A new report from the Information Security Forum (ISF) contains some fascinating insights into how hackers probe and exploit people's psychological vulnerabilities to gain access to corporate systems. From phishing to "whaling" (targeting high-level executives) to "baiting" (offering something in return for credentials or information), hackers are using several tactics to gain a foothold. They also know the best time to deploy those tactics – at the end of the day, for example, when a person is tired and may not make the best decisions.
Turning Business Unit Heads Into Security Management Leaders
The old adage “it’s hard to find good help these days” has never been more true than when talking about security management. The well-documented cybersecurity shortage is very real, and the long hours and pressure experienced by those who are in charge of security performance management are causing stress and burnout.