Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
How to Determine the Right Level of Vendor Assessment
When onboarding new vendors, it takes the median company an average of 90 days to complete due diligence — 20 days longer than it did four years ago, according to Gartner. In a competitive business climate where speed can be the difference between success and failure, a lengthy onboarding process undercuts your organization’s efforts at digital transformation and growth acceleration. And now, with as much as 75% of the workforce in some industries shifting to remote work due to the coronavirus outbreak, finding operational efficiencies in your onboarding process is more important than ever.
The Long-term Impact of COVID-19: How Security Leaders Can Adapt
In a matter of weeks, the COVID-19 pandemic has established a “new normal” in society. But it has also rapidly shifted the business of cybersecurity.
Don't Think Migration to the Cloud is a Risk? Think Again.
The cornerstone of digital transformation is the migration of apps and data to the cloud. There are obvious benefits to doing this. Businesses become more nimble and agile, and the cost of maintenance and development is off-loaded to a third party. The benefits are so profound that, as of 2019, 84% of businesses used cloud-based SaaS (software as a service) apps.
How to Make Your Third-Party Risk Management Program More Efficient
With as much as 75% of the workforce shifting to remote work in some industries, organizations around the world are seeking to rapidly acquire new software and technology to properly enable the business, facilitate the new needs of workers, and prevent employees from turning to unauthorized shadow IT.
Understanding a Vendor’s Cybersecurity Risk
Did you know that, according to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or third parties? During these uncertain times, when many industries are shifting to an increasingly remote workforce, organizations may feel pressure to accommodate new business requirements by onboarding new technology faster. However, given the frightening implications of a potential breach — and the fact that phishing attacks and other cyber scams are on the rise due to the ongoing coronavirus pandemic — it’s more important than ever that you consider a potential vendor’s cybersecurity posture before you sign on the dotted line.
The Most Useful and Impactful Security Metrics Every CISO Should Have
Security leaders are increasingly making their cases through metrics. Data-driven measurement of cybersecurity performance can be used to justify spending, quantify risk, and more.
Is Your Reputation at Stake?
It’s often said that our reputation precedes us. When it comes to the damage that can be done by a cybersecurity incident, that couldn’t be more true. In today’s security-focused world, a single breach can dramatically impact the public perception of your organization, ultimately leading to a loss of business and a hit to your bottom line.
Identifying Unique Risks of Work from Home Remote Office Networks
During the period of March 2020, we looked at a sample size of 41,000 US-based organizations to understand the difference between corporate networks and Work From Home-Remote Office (WFH-RO) networks from a cyber-risk perspective.
Optimize Your Vendor Onboarding Process With Security Ratings
Third parties can play an essential role in your ability to grow your business and remain competitive. Of course, if you’re not careful, these trusted partnerships may introduce unwanted cyber risk into your organization. This is particularly true as more and more businesses are moving to mandated work-from-home models — because residential IPs account for more than 90% of all observed malware infections and compromised systems. With this widespread workforce shift, new vulnerabilities are being introduced both internally and within your third-party network, thereby increasing risk across your ecosystem as a whole.
Collaboration Tools Expose the Remote Office to New Vulnerabilities
As the COVID-19 pandemic sees millions of employees shift to a work-from-home model, collaboration tools like Zoom and Slack have never been more critical or popular. Zoom is currently experiencing a 378% year-over-year growth in its daily active user count and was downloaded 2.13 million times in a single day as lockdowns went into effect worldwide.
Reduce the Risk in Your Digital Ecosystem
Cyber risk reduction is emerging as one of the most significant issues organizations face when managing their cybersecurity. As digital ecosystems expand, it’s crucial that organizations have insight into their core digital assets and the level of risk present. To improve performance over time, it’s critical to have visibility into your attack surface across various environments. With as much as 75% of the workforce shifting to remote work in some industries, this visibility is more important than ever.
Vendor Onboarding 101: Balancing Security and Speed
In today’s ever-evolving, competitive business climate, organizations are partnering with more and more vendors to ensure they’re as agile, flexible, and efficient as possible. Now, at a time when as much as 75% of the workforce is shifting to remote work in some industries, this is more true than ever — with organizations seeking to rapidly acquire new software and technology to help accommodate new business requirements.
Government Teleworking Could Last for Months, Exacerbating Cyber Risk
As federal government guidance on social distancing due to the COVID-19 pandemic is extended through April, a new reality is setting in for federal workers — a prolonged period of telework, even beyond the coronavirus crisis.
Coronavirus Pandemic Leads to New and Evolving Cyber Threats
Over recent weeks, the ongoing spread of the COVID-19 coronavirus has had a major impact on the global economy and how businesses operate as a whole. More and more organizations are moving to a mandated work from home (WFH) model to help limit the spread of the virus — introducing a variety of unique and constantly evolving challenges for security leaders when it comes to mitigating cyber risk.
Coronavirus Pandemic Highlights Government Cyber Vulnerabilities
As citizens adjust their daily lives to reduce the chances of catching or spreading COVID-19, the risks associated with the pandemic are extending beyond a national health and economic crisis. Cyberthreats, including phishing scams, spam, and other attacks against organizations are spiking by as much as 40% as bad actors seek to take advantage of global uncertainty and anxiety, according to new data from CNBC.