Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Check out this Q&A with a Lisbon-based member of Bitsight's Customer Success team to learn about his role as a Senior Customer Success Manager, his experience, and more.
If you’re using a “one-size-fits-all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t end in the onboarding stage: using a continuous vendor monitoring approach will help you better manage the third parties you worked so hard to onboard.
Data can be the key to making more informed, strategic cybersecurity decisions — and ensuring you’re spending your security dollars effectively. In order to get the most out of your increasingly limited security resources and meet or surpass industry benchmarks, you need visibility into the relative performance of your security program — and insight into the cyber risk present across your ecosystem.
Recently, the National Institute of Standards & Technology (NIST) released a guide for federal agencies to apply the NIST Cybersecurity Framework to government affairs. This comes during a time of heightened attention on the government’s cybersecurity efforts leading up to the election.
It should come as no surprise that the cybersecurity landscape has been changing dramatically throughout the year 2020. According to Bitsight research, up to 85% of the workforce in some industries has shifted to remote work in response to the COVID-19 pandemic — introducing corporate devices to a variety of new and evolving cyber threats. While malicious actors are taking advantage of this opportunity to advance their nefarious objectives, security teams are racing to adapt to our “new normal” operating environment so that they can continue to effectively mitigate risk across their growing attack surfaces.
Between difficulty communicating with boards and executives, decreasing budgets, and difficulty measuring how exactly risk was being reduced, security leaders are under pressure to change the way they do things. The situation for security leaders was already changing heading into 2020, with decreasing budgets and increasingly skeptical boards citing little change in security performance to show for their investments.
Significant concerns have been raised about the security of the 2020 United States election. Hundreds of millions of dollars in Federal funding has been made available to state and local governments to improve the security of election systems and remediate vulnerabilities within critical organizations. Congressional hearings have highlighted risks to electronic voting systems and the vendors who manufacture them. Government task forces have been created to address the challenge.
In the upcoming months, the Cybersecurity Maturity Model Certification (CMMC) will go live. Thousands of third-party assessors will begin cybersecurity assessments of hundreds of thousands of U.S. Defense contractors. What will the assessors find?
It’s easy to forget that cybersecurity teams were facing significant headwinds going into 2020. After years of ever-expanding budgets, new tech, and new tools, a string of public breaches (in spite of the growing spend), hard questions from the board, and outcomes that were difficult to measure all raised significant questions for security and risk leaders as well as the industry in general.
In response to the global COVID-19 pandemic, more employees have been working from home over the past several months than ever before. In fact, during March 2020, we looked at a sample of 41,000 organizations and found that up to 85% of the workforce in some industries had shifted to remote work.
In the dynamic and stressful workplace environment that 2020 has brought us, finding the most efficient ways to perform your job has never been more important. When it comes to managing your vendor lifecycle, there are three ways you can implement more efficient processes to save time and money for your business.
Online services, e-commerce sites, videoconferencing, delivery services, and all other kinds of services are growing exponentially, exposing users and data to new risks and threats. Users expect that the sites and services they rely on are using best practices when it comes to security. But are they?
In today’s competitive marketplace, more and more companies are realizing that maintaining a good security posture is a crucial market differentiator — playing an essential role in their ability to earn customer trust and protect their brand reputation. In fact, as stated in a recent Forrester study commissioned by Bitsight, Better Security and Business Outcomes With Security Performance Management, “companies win and lose business based on both real and perceived security performance challenges — meaning security is now responsible for protecting, enabling, and even creating, revenue growth opportunities.”
Since it emerged in May 2019, BlueKeep (CVE-2019-0708) has been observed to pose risks to information security worldwide. It is a vulnerability affecting a wide range of Microsoft operating systems that allows a bad actor to remotely execute malicious code on affected devices. Remediation involves updating to the latest Microsoft security patches released to mitigate BlueKeep. Sectors that use Microsoft products extensively and persist in using outdated software are particularly susceptible to this threat.
With the expanding perimeter companies are creating as they move more of their business into the cloud, as well as the addition of work-from-home network connections, there is a greater attack surface for hackers to penetrate. Focusing on these three attack surface risk reduction best practices will help security managers protect their programs.