Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![BitSight Study: Just How Secure is the Business Services Sector?](/sites/default/files/styles/4_3_small/public/migration/images/Business%2520Services%2520Blog_1.jpg.webp?itok=DOtKZHgy)
Management consultants, accountants, public safety offices, marketing firms, and many more business and professional services organizations are high-value targets for cybercriminals due to the range of confidential client information they handle. Companies in this sector should all have solid security postures — and many do. But there’s still an alarming number of enterprises that do not.
![Airbus Incident Shines Spotlight on Third-Party Vendor Security Risks](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1319730824_1.jpg.webp?itok=SWXTMUgV)
2019 has been a year of high-profile attacks, and, as we predicted, it’s only getting worse. That’s certainly the case for Airbus.
![Financial Data Breaches 2019: Capital One, First American, Desjardins, More](/sites/default/files/styles/4_3_small/public/migration/images/AdobeStock_93365244-min-1_1.jpeg.webp?itok=svdukgNU)
Cyber attacks are occurring more frequently and banks, insurance companies, and other financial services firms are prime targets. Due to the nature of these businesses and the sensitivity of their data, financial firms are hit with approximately 300 times more cyber attacks than businesses in other industries.
![Social Engineering: How Attackers Exploit People's Vulnerabilities](/sites/default/files/styles/4_3_small/public/migration/images/9.28%2520-%2520Social%2520Engineering%2520Blog_1.jpg.webp?itok=1c7i60GQ)
A new report from the Information Security Forum (ISF) contains some fascinating insights into how hackers probe and exploit people's psychological vulnerabilities to gain access to corporate systems. From phishing to "whaling" (targeting high level executives) to "baiting" (offering something in return for credentials or information), hackers are using several tactics to gain a foothold. They also know the best time to deploy those tactics – at the end of the day, for example, when a person is tired and may not make the best decisions.
![Just How Secure is the Technology Sector?](/sites/default/files/styles/4_3_small/public/migration/images/924%2520Blog_3.jpg.webp?itok=dZzXDUA3)
Technology companies — along with their partner ecosystems — are some of the most targeted organizations when it comes to cyber-attacks. In 2018, enterprises invested an average of 3.5 million on cloud apps, platforms, and services — making the sensitive information held in those platforms a top target for hackers.
![Turning Business Unit Heads Into Security Management Leaders](/sites/default/files/styles/4_3_small/public/migration/images/920%2520Blog_1.jpg.webp?itok=XTYOWqWu)
The old adage “it’s hard to find good help these days” has never been more true than when talking about security management. The well-documented cybersecurity shortage is very real, and the long hours and pressure experienced by those who are in charge of security performance management is causing stress and burnout.
![BitSight Study: Healthcare Sector is Far Too Vulnerable to Cyber Threats](/sites/default/files/styles/4_3_small/public/migration/images/917%2520Blog%2520%25281%2529_1.jpg.webp?itok=BcJCXMnM)
Healthcare is under attack. Hospitals, doctors’ networks, insurance companies, and others are prime targets for hackers due to the valuable protected health information (PHI) they store and the vital role they play in our nation’s critical infrastructure.
![What Boards of Directors Are Missing about Cybersecurity](/sites/default/files/styles/4_3_small/public/migration/images/What_Boards_of_Directors_Are_Missing_about_Cybersecurity_1.jpeg.webp?itok=W9mThRcg)
Cyberattacks have increased significantly in recent years, bringing vital conversations about cybersecurity into the Boardroom. As Board oversight of cybersecurity has increased, Board members — even those without technical expertise — have had to become rapidly acquainted with IT risk and security concepts. In the past few years, frameworks and best practices have emerged to help these Boards get a grip on their organization’s cybersecurity posture.
![New Forrester Study Highlights Need for Security Performance Management](/sites/default/files/styles/4_3_small/public/migration/images/95%2520blog_1.jpg.webp?itok=GD2aZ1Qi)
In a new Forrester study commissioned by Bitsight, “Better Security And Business Outcomes With Security Performance Management”, key findings point to the strong need for businesses worldwide to invest in a robust security performance management program. In fact, results from this study showed that companies using formal security metrics are more likely to have seen a 10% or greater increase in their security budget in the last year. Ultimately, this investment allows organizations to leverage this information to win business.
![As the Capital One Breach Proves, Effective CISO Leadership Starts with Culture](/sites/default/files/styles/4_3_small/public/migration/images/830%2520blog_1.jpg.webp?itok=aptyxvW3)
As the fallout from the Capital One data breach continues, new lessons are being learned. Although technical failings were at the heart of the breach, a recent article in The Wall Street Journal points to a series of overlooked issues that produced perfect storm conditions for the attack.
![How Much Does a Data Breach Cost in 2019?](/sites/default/files/styles/4_3_small/public/migration/images/Calculating%2520The%2520Cost%2520Of%2520A%2520Data%2520Breach%2520Factors%2520You%2520Should%2520Keep%2520In%2520Mind%2520-%2520thumb_1.jpg.webp?itok=gGndBCHn)
This post was originally published October 31, 2016 and has been updated for accuracy and comprehensiveness.
![Study: Hackers Look to Maximize Damage With New Ransomware Strategy](/sites/default/files/styles/4_3_small/public/migration/images/823%2520blog_1.jpg.webp?itok=D32EJSYX)
Cybersecurity threats are becoming more sophisticated, targeted, and potentially catastrophic. This is particularly true of the most dominant form of cyberattack – ransomware.
![Who Reports to Whom? CISO, CIO, CEO: Cybersecurity Reporting Structures](/sites/default/files/styles/4_3_small/public/2022/06/07/AdobeStock_171185574_1.jpg.webp?itok=jRwC95cg)
Cybersecurity and cyber risk are increasingly getting their own C-suite positions. From 2016 to 2017, the number of organizations with a CISO (chief information security officer) rose from 50% to 65%. Other security and risk-related executive positions like chief risk officer (CRO) and chief data officer (CDO) have also grown in popularity.
![SOC Stress: The Security Threat That Nobody is Talking About](/sites/default/files/styles/4_3_small/public/migration/images/816%2520blog%2520%25282%2529_1.jpg.webp?itok=XFR-IU5c)
Stress and burnout are emerging as perhaps the biggest threat to corporate security. Long hours, alert overload, and a lack of visibility into their IT infrastructure have many security professionals reconsidering their chosen careers.
![It’s Time for CISOs to Take a Seat at the Table](/sites/default/files/styles/4_3_small/public/migration/images/CISO%2520Seat%2520at%2520Table%2520-%2520FB%2520Social%2520Graphic%2520Main%2520Blog%2520Image_1.jpg.webp?itok=Z4UBIqNW)
It doesn’t matter what business you’re in — cybersecurity has become extremely important to both your organization’s reputation and its bottom line. According to reports, the average cost of a data breach is $3.86 million.