Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![New Forrester Study Highlights Need for Security Performance Management](/sites/default/files/styles/4_3_small/public/migration/images/95%2520blog_1.jpg.webp?itok=GD2aZ1Qi)
In a new Forrester study commissioned by Bitsight, “Better Security And Business Outcomes With Security Performance Management”, key findings point to the strong need for businesses worldwide to invest in a robust security performance management program. In fact, results from this study showed that companies using formal security metrics are more likely to have seen a 10% or greater increase in their security budget in the last year. Ultimately, this investment allows organizations to leverage this information to win business.
![Security Performance in Business Context: How Forecasts Empower Organizations to Improve Processes](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Asian-Business-Adviser-Meeting-253996027_1.jpg.webp?itok=2v6oJlEy)
When it comes to managing your organization’s cybersecurity performance, understanding the business context in which you make decisions is key. By leveraging security ratings you can understand the efficacy of your current security program, identify control gaps and/or failures, and determine the best allocation of resources that will lead to overall process improvement. With this level of visibility, security and risk leaders can now lead more data-driven conversations around cybersecurity with internal and external stakeholders about important security initiatives and feel more confident in the investments they are making in their security programs. It’s critical that security leaders understand how to prioritize their efforts. Bitsight for security performance management allows you to easily examine the importance of an event based on both asset importance and event severity. And now with Bitsight’s new integration between the Asset Risk Matrix and the Bitsight Forecasting engine — any security team can quickly assess the expected impact of their efforts based on Bitsight’s recommended remediation plan.
![A Risk-based Approach to Cybersecurity Can Save Time & Money](/sites/default/files/styles/4_3_small/public/migration/images/A_Risk_based_Approach_to_Cybersecurity_Can_Save_Time_And_Money_1.jpeg.webp?itok=mlMxqdSx)
If you’ve glanced at the opinion columns of security industry publications, you’ve probably seen the term “risk-based” floating around, as in “the time is now for a comprehensive, risk-based approach” or “a risk-based approach to security is key to business alignment.”
![Gartner Names Security Ratings a Top 10 Security Project for 2019](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Security-Global-Network-278195797_2.jpg.webp?itok=Ms35xcK9)
Just a few weeks ago, Gartner released their list of “Top 10 Security Projects for 2019”, and named security ratings services as a business imperative.
![BitSight Security Ratings Platform Expands Its Visibility in Compromised Systems](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-cybercrime-hacking-and-techno-239309626_1.jpg.webp?itok=vqoYygdC)
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.
![Advanced Security Benchmarking with BitSight Peer Analytics](/sites/default/files/styles/4_3_small/public/migration/images/Peer%2520Analytics%2520Laptop%2520Blog%2520Header_1.jpg.webp?itok=R2eMRhSX)
Based on security performance data of hundreds of thousands of global organizations, Peer Analytics gives security and risk leaders visibility into the relative performance of their cybersecurity programs against a meaningful set of peers. These analytics help them set achievable performance targets based on their Bitsight Security Rating, effectively allocate limited resources, and efficiently prioritize security efforts with a focus on continuous program improvement.
Peer Analytics provides companies with a more granular view of their security rating. It is based on hundreds or thousands of companies (a broader set of similar organizations) that allow you to see where there are gaps in your security performance: at the ratings level, risk vector grade level, and at the vector detail event level.
Peer Analytics: Analyze, Prioritize, Act
Today, security and risk leaders use Peer Analytics to:
Set achievable security goals based on relative performance withi
![Forecasting: The Missing Link in Your Annual Security Performance Planning Process](/sites/default/files/styles/4_3_small/public/migration/images/11.29-Forecasting-Blog-Header-Image_1.jpg.webp?itok=HB-lM65g)
When it comes to security performance management within your organization, how do your security teams measure performance? If they’re using security ratings, they know that this objective, quantitative measurement is an effective place to start when evaluating performance in certain areas.
![Using Security Ratings to Drive Organizational Performance](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Businessman-using-a-digital-ta-209395744_2.jpg.webp?itok=UzGSTRum)
An increasing number of security and risk teams are using security ratings to effectively assess the impact of their security programs as well as communicate changes to key decision makers — like the Board of Directors. These teams know that their company needs tools that provide an objective and quantitative view of their cybersecurity performance over time.
![Quantifying Cybersecurity Risk: A Beginners Guide](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Asian-Business-Adviser-Meeting-226416148_1.jpg.webp?itok=Qb25yCDA)
In a 2017 survey of almost 1,300 CEOs conducted by PwC, 63% of respondents said they were “extremely concerned” about cyber threats — up from just 8% in 2013.
![A Forward-Looking View Into Security Performance](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--195359497_1.jpg.webp?itok=SJHgxD5p)
For the last five years, Bitsight Security Ratings have been helping companies gain insight into the efficacy of their security programs, as well as the security performance of third and fourth party vendors. Today, the Bitsight Security Rating platform provides a year’s worth of data on all companies to paint a comprehensive picture of a company’s security posture over time.
![Make Security Benchmarking a Reality](/sites/default/files/styles/4_3_small/public/migration/images/Make_Security_Benchmarking_a_Reality-013027-edited_2.jpeg.webp?itok=wJ9QVOUl)
Most organizations are accustomed to benchmarking certain business areas like sales, profits, and resource allocation. These areas all have one thing in common — they are easily measured with simple, quantifiable metrics.
![Why Establishing Cybersecurity Benchmarks is a Must for Organizations](/sites/default/files/styles/4_3_small/public/migration/images/Why_Establishing_Cybersecurity_Benchmarks_is_a_Must_for_Organizations-125630-edited_1.jpeg.webp?itok=4D-2x0tp)
Effective cybersecurity involves regularly assessing the effectiveness of your organization’s policies, tools, and processes to ensure you’re staying ahead of the curve. In order to gain insight into your cybersecurity performance, you need clear, continuous, actionable metrics that you can track over time and compare to peers, competitors, and across business units.
![The State of Security in the Boardroom](/sites/default/files/styles/4_3_small/public/migration/images/5.18-SecurityinBoardroom-Blog_2.jpg.webp?itok=pOa1S1SG)
In today’s evolving cyber risk landscape, Boards of Directors are becoming increasingly concerned about their company’s security performance. In fact, the NACD has found that 89% of public companies and 72% of private companies regularly discuss security at Board meetings. While they are asking for updates on enterprise cybersecurity posture more often, they do not necessarily have the expertise or experience to know what to ask for — or how to interpret the technical information presented to them.
![7 Cyber Security KPIs That Will Resonate On A Cybersecurity Dashboard For Your Board of Directors](/sites/default/files/styles/4_3_small/public/2023/06/22/7%20Cyber%20Security%20KPIs%20That%20Will%20Resonate%20On%20A%20Cybersecurity%20Dashboard%20For%20Your%20Board%20of%20Directors.jpg.webp?itok=XIyINUWV)
Quantifying and tracking your cybersecurity performance so you can compare your organization to others, also known as benchmarking, is necessary to improving the effectiveness of your security programs.
![What to Expect in Your CISO’s Cybersecurity Presentation](/sites/default/files/styles/4_3_small/public/migration/images/5.4-Board-Member-CISO-Cybersecurity-Presentation-Blog_1.png.webp?itok=lGeX72XZ)
As a member of your company’s board, you know that cybersecurity is a critical risk that simply cannot be ignored, and that should be reported on regularly by the appropriate executives. According to the 2017 NACD Director’s Handbook on Cyber-Risk Oversight, 89 percent of public-company directors say cybersecurity is discussed regularly in board meetings, and 72 percent of private-company directors say the same. Most companies are clearly moving in the right direction.