Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![5 Ways to Justify Security Investments in the Face of Budget Cuts](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_753656569_1.jpg.webp?itok=xG_Vffa1)
For years cybersecurity spending has experienced stratospheric growth. Then COVID-19 hit and forecasts took a grim turn.
![How Automation Helps Security Teams Adjust to the Work-from-Home SOC](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_669226183_1.jpg.webp?itok=HaR4-SZV)
While many companies have succeeded in creating a sustainable remote workforce, this “new normal” environment remains particularly challenging for security operations teams. Accustomed to working in a physical security operations center (SOC), where collaboration and teamwork are key, security teams must find ways to operate efficiently while working from home.
![How Government Agencies Can Migrate to the Cloud Securely](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1099367189_1.jpg.webp?itok=fBG7E0xL)
Driven by the need to collaborate across remote work environments, COVID-19 has sped up the adoption of cloud services by many government agencies. Yet, questions about security remain.
![The 2020 Verizon DBIR: If Nothing Changes, Then Nothing Changes](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1136227238_1.jpg.webp?itok=r9NGb8CC)
This week the 13th edition of the Verizon Data Breach Investigations Report (DBIR) was released, which is usually a hallmark event of the cybersecurity world. As we have been in previous years, Bitsight is proud to be a data contributor to the report. After taking some time to give it an initial read through, however, one thing stood out loud and clear to us: how little has changed after 13 years.
![Take Your Security Data to the Next Level](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1221723337_1.jpg.webp?itok=FhAq1wYk)
In today’s ever-evolving, increasingly complex threat landscape, it’s more important than ever to have the necessary insights and resources to make data-driven security performance management decisions.
![4 Ways to Mitigate Cyber Risk as Hackers Target COVID Researchers](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_761873584_1.jpg.webp?itok=O9iu1LE0)
As the U.S. biomedical community rushes to combat COVID-19, the FBI announced last week that, in a bid to win the race for a vaccine or cure, state-sponsored Chinese hackers are targeting U.S. researchers in an attempt to “obtain valuable intellectual property and public health data related to vaccines, treatments, and testing.”
![Report Shows Cyber Attacks on Cloud Services Have Doubled](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1458581246_1.jpg.webp?itok=A5jIX5Cx)
As cloud services increase in popularity, a worrying cybersecurity trend has emerged. According to the 2020 Trustwave Global Security Report, the volume of attacks on cloud services more than doubled in 2019 and accounted for 20% of investigated incidents. Although corporate and internal networks remain the most targeted domains, representing 54% of incidents, cloud environments are now the third most targeted environment for cyber attacks.
![How and When to Reassess Your Vendor’s Cybersecurity Posture](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1427663000_1.jpg.webp?itok=U860PgFg)
From a security perspective, your work isn’t done when a new vendor signs on the dotted line. After the onboarding process is complete, you must implement continuous monitoring practices to ensure your new third party maintains the desired security posture — and doesn’t expose your organization to unwanted risk.
![The Shifting Role of the Security Professional: Doing More With Less](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_384090190_1.jpg.webp?itok=IQSITf83)
The COVID-19 outbreak has seen the roles of many cybersecurity professionals change — and many worry what it will mean for protecting their organizations from attacks.
![Shine a Light on Shadow IT](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_653465086_1.jpg.webp?itok=8X6ao8RG)
Over the last several years Shadow IT has grown from a minor annoyance into a major threat to business operations. While the term is often used to refer to runaway tech spending by users in marketing or dev-ops or finance, it has in fact become a much larger issue that involves the very core of organizational infrastructure with the potential to pose enormous cyber risk.
![BitSight Research Reveals Vulnerabilities in Point of Sales Systems](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1263203356_1.jpg.webp?itok=DUHPXoJ-)
When people talk about cybersecurity risks, the first area that normally comes to mind is malware. Some might even consider it the worst event that can happen, as it normally indicates that a malicious actor has already bypassed the layers of security and now has free rein to do what they want. The circumstances that led to the compromised systems, however, often tell a larger story. Issues like EternalBlue and BlueKeep require a prompt response by system administrators in order to minimize the risk posed to their attack surface. Vulnerabilities often represent unpredictable changes to an organization’s attack surface that increase the risk of breach and compromise, and the organization has to react accordingly based on its response plans and internal processes.
![Vendor Contract Do’s and Don’ts](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1148503103_1.jpg.webp?itok=LuYMO3SX)
According to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or third parties — while only 16% claim they effectively mitigate third-party risks. Don’t be a part of these alarming statistics: In order to protect your organization’s valuable information, it’s critical that you set up the necessary security expectations from the onset of a new vendor relationship. Now, as an increasing percentage of businesses are moving to the remote office model, having these security conversations early on is even more critical — because residential IPs account for more than 90% of all observed malware infections and compromised systems.
![3 Ways to Mitigate Cyber Risk in Temporary COVID-19 Hospitals](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_642880945_1.jpg.webp?itok=qqZviqNy)
As cases of COVID-19 have grown, a lack of capacity has led governments to erect temporary hospitals in our nation’s stadiums, parks, and convention centers.
![You Can’t Secure What You Can’t See](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1396063595_1.jpg.webp?itok=0REXdk4D)
In the world of cybersecurity, there’s one ultimate truth that applies in every scenario: You can’t secure what you can’t see. Making informed, comparative decisions about your digital ecosystem requires you to understand where all your critical assets live — and any inherent risks present there. With as much as 75% of the workforce shifting to remote work in some industries, this visibility is more critical than ever.
![Pre-installed Android Threats: Data Insights](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_590576420_1.jpg.webp?itok=USgZm_Cj)
We used to think of malicious software — or malware, as it’s more commonly known — as a threat to laptops and desktop computers. But as we increasingly use mobile devices for many important things in our daily lives, such as banking, cybercriminals are targeting smartphones and tablets more often. Consequently, Apple iOS and Android, the most popular mobile operating systems, have become targets for cybercriminals. Android remains the most targeted because it has more market share and is open source, unlike its direct competitor.