Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![The Latest Cybersecurity Trends in State Government Entities](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_669226078_1.jpg.webp?itok=kJVaBcJX)
It should come as no surprise that the cybersecurity landscape has been changing dramatically throughout the year 2020. According to Bitsight research, up to 85% of the workforce in some industries has shifted to remote work in response to the COVID-19 pandemic — introducing corporate devices to a variety of new and evolving cyber threats. While malicious actors are taking advantage of this opportunity to advance their nefarious objectives, security teams are racing to adapt to our “new normal” operating environment so that they can continue to effectively mitigate risk across their growing attack surfaces.
![5 Ways to Transform Your Security Program](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1065742220_1.jpg.webp?itok=4fzq4KoQ)
Between difficulty communicating with boards and executives, decreasing budgets, and difficulty measuring how exactly risk was being reduced, security leaders are under pressure to change the way they do things. The situation for security leaders was already changing heading into 2020, with decreasing budgets and increasingly skeptical boards citing little change in security performance to show for their investments.
![U.S. Election Security, Part 1: Voting Systems Vendors’ Cybersecurity is Improving](/sites/default/files/styles/4_3_small/public/migration/images/US_ElectionSecurityPart1_BlogImages_1.jpg.webp?itok=VNGiY9VU)
Significant concerns have been raised about the security of the 2020 United States election. Hundreds of millions of dollars in Federal funding has been made available to state and local governments to improve the security of election systems and remediate vulnerabilities within critical organizations. Congressional hearings have highlighted risks to electronic voting systems and the vendors who manufacture them. Government task forces have been created to address the challenge.
![Who’s Ready for the CMMC? What Data Reveals About Defense Sector Cybersecurity](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_157332656_1.jpg.webp?itok=siC2xAko)
In the upcoming months, the Cybersecurity Maturity Model Certification (CMMC) will go live. Thousands of third-party assessors will begin cybersecurity assessments of hundreds of thousands of U.S. defense contractors. What will the assessors find?
![4 Ways Security Leaders Can Lead Business Transformation](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1105484522_1.jpg.webp?itok=iHMZpHxA)
It’s easy to forget that cybersecurity teams were facing significant headwinds going into 2020. After years of ever-expanding budgets, new tech, and new tools, a string of public breaches (in spite of the growing spend), hard questions from the board, and outcomes that were difficult to measure all raised significant questions for security and risk leaders as well as the industry in general.
![Automation: The Key to Optimizing Your Risk Assessment Process](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_525065503_1.jpg.webp?itok=IyjU6GD5)
In response to the global COVID-19 pandemic, more employees have been working from home over the past several months than ever before. In fact, during the period of March 2020, we looked at a sample size of 41,000 organizations and found that up to 85% of the workforce in some industries had shifted to remote work.
![3 Ways to Improve Your Vendor Lifecycle & Make it More Efficient](/sites/default/files/styles/4_3_small/public/migration/images/3%2520ways%2520to%2520improve%2520vendor%2520lifecycle%2520management%2520blog_1.jpg.webp?itok=709DHoAh)
In the dynamic and stressful workplace environment that 2020 has brought us, finding the most efficient ways to perform your job has never been more important. When it comes to managing your vendor lifecycle, there are three ways you can implement more efficient processes to save time and money for your business.
![Content Security Policy Limits Dangerous Activity… So Why Isn’t Everyone Doing It?](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_599391605_1.jpg.webp?itok=wPwcjqHV)
Online services, e-commerce sites, videoconferencing, delivery services, and all other kinds of services are growing exponentially, exposing users and data to new risks and threats. Users expect that the sites and services they rely on are using best practices when it comes to security. But are they?
![The Competitive Advantage of a Strong Security Program](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1712588752_1.jpg.webp?itok=NgSZhupr)
In today’s competitive marketplace, more and more companies are realizing that maintaining a good security posture is a crucial market differentiator — playing an essential role in their ability to earn customer trust and protect their brand reputation. In fact, as stated in a recent Forrester study commissioned by Bitsight, Better Security and Business Outcomes With Security Performance Management, “companies win and lose business based on both real and perceived security performance challenges — meaning security is now responsible for protecting, enabling, and even creating, revenue growth opportunities.”
![BlueKeep Continues to Plague the World a Year After Emergence](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_744577681_1.jpg.webp?itok=sLWrHO0e)
Since its advent in May 2019, BlueKeep (CVE-2019-0708) has been observed to pose risks to information security worldwide. It is a vulnerability affecting a wide range of Microsoft operating systems that allows a bad actor to remotely execute malicious code on affected devices. Remediation involves updating to the latest Microsoft security patches released to mitigate BlueKeep. Sectors that use Microsoft products extensively and persist in using outdated software are particularly susceptible to this threat.
![Grow Your Business Without Increasing Your Attack Surface Vulnerabilities](/sites/default/files/styles/4_3_small/public/migration/images/Attack%2520surface%2520SPM%2520blog%2520picture_1.jpg.webp?itok=4sbqDL6n)
With the expanding perimeter companies are creating as they move more of their business into the cloud, as well as the addition of work-from-home network connections, there is a greater attack surface for hackers to penetrate. Focusing on these three attack surface risk reduction best practices will help security managers protect their programs.
![Employee Spotlight](/sites/default/files/styles/4_3_small/public/2022/02/18/employee%2520spotlight%2520banner_13.png.webp?itok=WGk1kwQh)
I started in May 2019, so it’s been almost a year. I started as a sales development rep (SDR). As an SDR, my role and my focus was to find the best potential prospects for my representatives. I was looking in the UK market and in South Africa. Basically, my goal was to find not only the right people, but also the right companies and organizations to connect with. I didn’t want to waste my rep’s time with a call that wasn’t worth it, and it was quite a challenge in the beginning because I didn’t have a tech background and I had to learn and study a lot.
Of course you want to speak with the CISO, CTO, and CSO, but sometimes you have the ESOs who are really cool people to speak to as well. You have to balance all this when you’re doing research. In the EMEA market it’s a different approach from what you guys do here in the US. You need to be very
![Lessons Learned From The Garmin Cyberattack](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1211178508_1.jpg.webp?itok=PNsDPpcm)
In the cybersecurity industry we deal with news of breaches or potential threats nearly every day, but when you really think about it, it’s bizarre how little these events impact our everyday lives. Yes, they impact the professional lives of many and have serious business consequences, but perhaps one reason for the lack of urgency society seems to show on the issue is that these tend to be fairly low visibility events for the average person. Even something like the Target or Capital One breaches happened at a remove for most people in the world, with little impact on our daily lives.
![Discover and Mitigate Cyber Risk Across Your Cloud Environment](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_222190471_1.jpg.webp?itok=IQs3d9wm)
Did you know that the volume of attacks on cloud services more than doubled in 2019? According to the 2020 Trustwave Global Security Report, cloud environments are now the third most targeted environment for cyber attacks. While these incidents are on the rise, migrating to the cloud is no longer optional for many organizations, due to the widespread shift to remote work. In today’s ever-evolving, dynamic security landscape, mitigating risk effectively requires thorough cloud security monitoring and continued visibility into your expanding attack surface.
![Employee Spotlight](/sites/default/files/styles/4_3_small/public/2022/02/18/employee%2520spotlight%2520banner_13.png.webp?itok=WGk1kwQh)
What do you do at Bitsight and when did you start?
I started at Bitsight in May 2018.