Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Between difficulty communicating with boards and executives, decreasing budgets, and difficulty measuring how exactly risk was being reduced, security leaders are under pressure to change the way they do things. The situation for security leaders was already changing heading into 2020, with decreasing budgets and increasingly skeptical boards citing little change in security performance to show for their investments.
Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But who is responsible for breaches in the cloud data, the service provider or the organization using their services?
In the cybersecurity industry we deal with news of breaches or potential threats nearly every day, but when you really think about it, it’s bizarrely rare how little these events impact our everyday lives. Yes, they impact the professional lives of many and have serious business consequences, but perhaps one reason for the lack of urgency society seems to show on the issue is that these tend to be fairly low visibility events for the average person. Even something like the Target or Capital One breaches happened at a remove for most people in the world, with little impact on our daily lives.
As companies continue to try and manage the massive changes to work driven by COVID-19, security teams have faced immense pressure to rise to the challenge and keep companies secure. In the face of the large scale shift to work from home, expansion of the vendor ecosystem and digital attack surface, and disruptions to operations, it’s vital that security teams focus their efforts on areas of risk concentration.
The global cybersecurity market is currently worth $173 billion and expected to grow to $270 billion by 2026. Yet as organizations invest more in security technology, a new global survey by IBM Security and the Ponemon Institute suggests that security response efforts are “hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.” Of those surveyed, 74% of respondents report that their response plans are ad-hoc, applied inconsistently, or that they have no plans at all.
Given the recent security breaches and reported hacking attempts, it is increasingly important for companies to have a handle on their most sensitive data. Sensitive data can include employees’ personal information, customer information, trade secrets, and other types of data that would cause internal breaches to company information if obtained by a hacker. To identify your organizations’ sensitive data points, refer to our recent article highlighting 5 examples of sensitive data.
Working from home introduces significant cyber risk to any organization. However, recent events reveal that it’s not a case of “if” but “when” bad actors will exploit the rampant vulnerabilities on home networks.
This week the New York Times released a report warning that a group of Russian hackers going by the name “Evil Corp” has been attempting to exploit the rampant vulnerabilities presented by the US workforce shifting to working from home at remote offices, raising fears that major U.S. brands, news organizations, or even election systems could be disrupted with ransomware attacks. The research, conducted by Symantec, revealed that 31 large U.S. corporations, including Fortune 500 companies and news organizations, have fallen victim to Evil Corp, and those are just the ones we know about.
“Celebrity” vulnerabilities like BlueKeep attract the attention and resources of security teams, often hogging the spotlight, allowing other, less visible, but just as dangerous, weaknesses that could be exploited by bad actors to go unnoticed. IoT devices are a perfect case in point.
Last year’s Capital One data breach ranks as one of the largest confirmed breaches ever, exposing the personal data of more than 100 million Capital One customer accounts stored in the cloud.
For years cybersecurity spending has experienced stratospheric growth. Then COVID-19 hit and forecasts took a grim turn.
While many companies have succeeded in creating a sustainable remote workforce, this “new normal” environment remains particularly challenging for security operations teams. Accustomed to working in a physical security operations center (SOC), where collaboration and teamwork is key, security teams must find ways to operate efficiently while working from home.
This week the 13th edition of the Verizon Data Breach Investigations Report (DBIR) was released, which is usually a hallmark event of the cybersecurity world. As we have been in previous years, Bitsight is proud to be a data contributor to the report. After taking some time to give it an initial read through, however, one thing stood out loud and clear to us: how little has changed after 13 years.
As the U.S. biomedical community rushes to combat COVID-19, the FBI announced last week that, in a bid to win the race for a vaccine or cure, state-sponsored Chinese hackers are targeting U.S. researchers in an attempt to “obtain valuable intellectual property and public health data related to vaccines, treatments, and testing.”
The COVID-19 outbreak has seen the roles of many cybersecurity professionals change — and many worry what it will mean for protecting their organizations from attacks.