Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Worthwhile TPRM Certifications for Security & Risk Professionals](/sites/default/files/styles/4_3_small/public/migration/images/AdobeStock_214874828-min_1.jpeg.webp?itok=e7WxrZna)
As the importance of third-party risk management (TPRM) continues to grow, organizations are hiring for related roles more seriously than ever before. In response, security and risk professionals are seeking out certification programs in TPRM to learn new skills and validate their expertise.
![Cloud Security: Lessons Learned from the Capital One Data Breach](/sites/default/files/styles/4_3_small/public/migration/images/89%2520blog%2520%25281%2529-1_1.jpg.webp?itok=aPBmCiJf)
2019 has already been rife with cybersecurity woes. Unfortunately, as we enter the second half of the year, things are going from bad to worse.
![State of BlueKeep Exposure & Insight Into Affected Systems](/sites/default/files/styles/4_3_small/public/migration/images/87%2520blog_1.jpg.webp?itok=XE_FBPUK)
In the weeks since our previous post, we’ve seen development in the security community with the release of an exploit into a commercial product as well as the announcement of the unreleased integration of an exploit into Rapid7’s Metasploit framework. During this time, we wanted to provide an update of affected machines, but also dive a bit deeper into the characteristics of the individual systems that remain exposed and unpatched.
![CISOs Are Burning Out: Here’s How to Fix It](/sites/default/files/styles/4_3_small/public/2022/06/07/bigstock--218873089_1.jpg.webp?itok=NCBDnCoO)
Everyone experiences stress in their jobs, but security leaders may have it worse than most. According to Dark Reading, 60% of CISOs admit they rarely disconnect from work, while 88% work more than 40 hours per week. It’s no surprise that 51% of tech executives experience stress-related illnesses as a result of cyberattacks, tech outages, and breaches – a number that increases to 56% among CTOs and CIOs.
![Equifax Data Breach Settlement is a Warning Shot to Businesses Everywhere](/sites/default/files/styles/4_3_small/public/migration/images/726%2520blog%2520%25281%2529_1.jpg.webp?itok=8NzQC9hi)
The summer of 2019 is proving to be a cybersecurity record breaker – for all the wrong reasons. In the past two weeks, businesses in Europe and the U.S. were levied massive penalties after probes into data breaches that left consumer data exposed.
![Third-Party Insight into Triada & Related Families](/sites/default/files/styles/4_3_small/public/migration/images/717%2520Triada%2520Blog%2520Graphic_1.jpg.webp?itok=4crdrXqe)
A few weeks ago Google confirmed that there was malware pre-installed on a number of Android devices due to a supply-chain attack. The latest installment was discovered by security researchers from Dr.Web, who have been investigating this situation for several years; security researchers had already theorized back in July 2017 that these infections originated as part of a supply-chain attack. In this instance, the devices were pre-installed with Triada, a form of Android malware that has been studied and reported on by Kaspersky and, most recently, by Google in its attempt to surface this critical information to users and the wider community.
![GDPR Shows Its Teeth, Goes After Breached Companies](/sites/default/files/styles/4_3_small/public/migration/images/719%2520blog%2520%25284%2529_1.jpg.webp?itok=KUuVAVar)
In 2018, the European Union (EU) General Data Protection Regulation (GDPR) heralded in the most important change in data privacy regulation in 20 years.
![Industry Response to the BlueKeep Vulnerability](/sites/default/files/styles/4_3_small/public/migration/images/717%2520blog_1.jpg.webp?itok=OZJL8vo_)
It’s been five weeks since we first posted about the exposure of the BlueKeep vulnerability on the external networks of many organizations across the world. There have been further developments regarding the capabilities of the vulnerability, including that the DHS has developed a working exploit and individuals from the private sector have also developed a remote code execution exploit. Both of these milestones further demonstrate the risk introduced by this vulnerability and reinforce the pressing statements by Microsoft and the NSA to patch.
![An Update on the State of Cyber Risk in Spain](/sites/default/files/styles/4_3_small/public/migration/images/716%2520blog_1.jpg.webp?itok=1kgQ-WjY)
Today ElevenPaths, the Telefónica Group’s global cybersecurity unit, released a report highlighting cybersecurity trends for the first half of 2019. As a follow-up to a November 2018 report, ElevenPaths again takes a close look at how cybersecurity is trending in Spain and compares statistics for Spain against the whole of Europe.
![Report: Cybersecurity Skills Shortage Requires Different Approach](/sites/default/files/styles/4_3_small/public/migration/images/711%2520blog_1.png.webp?itok=9kWANbSk)
If your organization is grappling with a tight cybersecurity talent pool, you’re not alone. According to Gartner, 61% of organizations struggle to hire security professionals. It’s a problem that’s only going to get worse. The Harvard Business Review predicts that, by 2020, there will be more than 1.5 million unfilled cyber positions worldwide.
![Average Cost of Cyberattacks Soars to $4.6 Million Per Incident](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Futuristic-Raise-Arrow-Chart-D-270585412_1.jpg.webp?itok=_8UhsrPf)
The aftermath of a cyber breach can be costly. But just how expensive and where the brunt of that financial impact falls has been somewhat unclear, until now.
![New Iranian Cyber Warfare Puts U.S. Networks at Risk](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--202598437-1_1.jpg.webp?itok=5PYU3v37)
As tensions between the U.S. and Iran continue to heat up, a cyber war is already underway between the two nations.
![Research Paper Validates Security Ratings’ Correlation to Likelihood of Breach](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Businessman-Pressing-Security--301990636_1.jpg.webp?itok=0lLT-1-M)
This spring, the research paper titled “Risky Business: Assessing Security with External Measurements” was published on Cornell’s academic resource site. Authored by former Bitsight data scientist Jay Jacobs, together with fellow academics Stephanie Forrest and Benjamin Edwards, the paper presents research correlating security ratings with the incidence of breaches. In doing so, it demonstrates how an organization’s security practices can be measured externally and how these practices can be linked to observed security problems. Using statistical analysis, the authors then study the correlation between risk vectors and botnet infections. The paper argues that this information is sufficient to assess the security maturity of an organization using only externally available information.
![Will BlueKeep Become WannaCry 2.0?](/sites/default/files/styles/4_3_small/public/migration/images/bigstock--215591209_1.jpg.webp?itok=RIsAbzVg)
A little over a month ago, Microsoft discovered a software security vulnerability that could ultimately lead to one of the worst cybersecurity attacks since 2017’s infamous WannaCry ransomware incident.
![Cyber Attacks Can Wreak Havoc on the Business in Multiple Ways](/sites/default/files/styles/4_3_small/public/migration/images/bigstock-Button-On-Virtual-Screen-Press-248084767_1.jpg.webp?itok=wp54zvpH)
The past few years have shown us that the cybersecurity landscape has only gotten more complex, as massive attack after massive attack — the WannaCry and NotPetya ransomware outbreaks, the 2016 attack on Uber Technologies, the Shadow Brokers group’s leaks, and many more — jolted enterprises around the world.