Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Security professionals have an ambitious goal to prevent the majority of cyber attacks. Bitsight's Control Insights lets you consistently and reliably measure the effectiveness of security controls.
What is a cybersecurity risk taxonomy and how can you use it to guide your organization’s security program and investments?
Cybersecurity is a priority for any organization and a big-ticket budget line item. But before investments in security are made, your organization must understand what it is doing right and where improvements to your cybersecurity program are needed.
Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.
Typically, this involves conducting a periodic security audit. But these assessments only capture a point-in-time view of the effectiveness of your security controls – and are incredibly resource-intensive.
Work from home practices introduce significant cyber risk to any organization. Worryingly, Bitsight research discovered that remote office networks are 7.5 times more likely to have at least five distinct malware families on them than a corporate network.
As remote workforces become the norm, this should ring alarm bells for security leaders. When an employee uses a corporate device on a home network, malware can propagate to the corporate network. This is especially problematic given user behavior and the dynamics of home networks. In 52% of cases, corporate-issued devices are used by family members or trusted friends. These assets also share the same network as potentially insecure IoT devices such as alarm systems, smart TVs, refrigerators, and more.
As remote workforces become the norm, this should ring alarm bells for security leaders. When an employee uses a corporate device on a home network, malware can propagate to the corporate network. This is especially problematic given user behavior and the dynamics of home networks. In 52% of cases, corporate-issued devices are used by family members or trusted friends. These assets also share the same network as potentially insecure IoT devices such as alarm systems, smart TVs, refrigerators, and more.
As cyberattacks surge, you’re charged with protecting your organization’s expanding digital footprint. But what about the risk posed by vendors?
If your organization is entering into a relationship with a vendor or partner, vendor due diligence is key to mitigating third-party risk.
To serve your customers and realize efficiencies, your organization may work with dozens if not hundreds of third parties including partners, vendors, cloud service providers, and subcontractors.
These days, we often hear the word “quarantine” in everyday conversations--but quarantining takes on a different meaning when it comes to protecting your network.
Often, when we discuss quarantining from a cyber security perspective we’re referring to network segmentation cyber security. But what is network segmentation, and is it the right approach for your organization? The answer to the first part is easy. The second is a bit more complicated.
Often, when we discuss quarantining from a cyber security perspective we’re referring to network segmentation cyber security. But what is network segmentation, and is it the right approach for your organization? The answer to the first part is easy. The second is a bit more complicated.
Cybersecurity is one of the biggest threats to global commerce in the 21st century.
With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management is greater than ever. When cyber risk is managed more effectively, you can focus on innovation and driving business growth.
With cyberattacks on the rise, security investments are more important than ever. Still, the pandemic has forced many organizations to reconsider how they allocate their IT dollars. Between the new work-from-home paradigm and the increasingly global nature of many modern workplaces, CIOs have had to accelerate investments in cloud solutions and remote technology.
Recent events have made cybersecurity a top concern among C-suite executives. The SolarWinds breach, Capital One incident, and Colonial Pipeline attack are just a few of the noteworthy events that have made CEOs and CFOs take active roles in discussions around risk mitigation.
The term “digital resilience” has gained momentum over the past few years as cybersecurity threats have grown, but what does it really mean? And how can a company become digitally resilient?
In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 8, 2021.
Overall, the EO starts to fill in some critical gaps in US government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but will also have significant impact on private sector service providers (e.g. software providers) who will now be required to meet new security requirements in order to do business with the U.S. government.
Overall, the EO starts to fill in some critical gaps in US government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but will also have significant impact on private sector service providers (e.g. software providers) who will now be required to meet new security requirements in order to do business with the U.S. government.
The unfolding Hafnium attack is the latest event in the trend of cyber events. CISO’s are starting to recognize that enterprise cyber security is being redefined to mean me and all my suppliers, or the combination of first and third party cyber risk is enterprise risk. NotPetya demonstrated that breaching a small accounting firm could cost a firm like Merck over $1B in damage.