CyberSecurityBoard
Sponsor Register Login

Which cybersecurity controls are organizations struggling with?

The study analyzed the cybersecurity performance of nearly 100,000 organizations around the world across nine industries.
Bitsight mapped its risk vectors to 16 of the MVSP controls and reported performance in 2023 and over time.
Google validated the statistical approach employed in this analysis.
The study found that while every industry in 2023 has a high Pass rate for 10 of the 16 MVSP controls studied, many organizations are still failing on controls critical to protecting themselves against cyber incidents.
The findings indicate that organizations across all industries have several areas in which they must improve their vulnerability management program to reduce exposure to potential breaches.
Notably, 2023 Computer Software industry Fail rates for Dependency Patching and Time to Fix Vulnerabilities - which map to Bitsight analytics correlating to the likelihood of a breach - did not improve from 2020 rates as much as the macro average, leaving other industries vulnerable to third-party risk given their reliance on computer software.
They also had high Pass rates for Customer training and Training.
Organizations across all industries are struggling with controls critical to the health of an organization's vulnerability management program, Bitsight found.
Eight MVSP controls that are important for vulnerability management - External Testing, Self-assessment, Vulnerability Prevention, Encryption, HTTPS-only, Security Headers, Dependency Patching, Time to Fix Vulnerabilities - have either high 2023 Fail rates, low Pass rates, or both, across all industries.
Finally, there has been a decline in use of security headers, including in the computer software industry.
Business leaders around the world need to understand where their companies' vulnerabilities lie and how they match up with others to better manage increasingly complex cyber risks and stakeholder demands.
By understanding the pass and fail rates of MVSP controls organizations will be better armed with the knowledge to benchmark their security performance and improve their cybersecurity strategies to mitigate and reduce vulnerability.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 13 Dec 2023 10:13:04 +0000


Cyber News related to Which cybersecurity controls are organizations struggling with?

Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
4 months ago Feeds.fortinet.com
Cybersecurity Standards vs Procedures vs Controls vs Policies - Four interrelated terms used in cybersecurity are Policies, Procedures, Standards, Guidelines, and Controls. Policies are at the top, Standards and Guidelines add detail to policies, Controls are the measured outcome of standards in use, and ...
8 months ago Securityboulevard.com
Cybersecurity Training for Business Leaders - This article explores the significance of cybersecurity training for business leaders and its crucial role in establishing a secure and resilient business environment. By examining the key components of effective training programs and the ...
8 months ago Securityzap.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
10 months ago Feeds.dzone.com
How to Avoid Falling Below the Cybersecurity Poverty Line - The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy ...
1 year ago Csoonline.com
How to Set Up Internet Parental Controls - Setting up internet parental controls is a great way to reduce the risk of your child viewing inappropriate content on the web. Parental controls are available on most major internet-enabled devices. Parental controls can prevent and filter a variety ...
10 months ago Pandasecurity.com
Growing threats outpace cybersecurity workforce - The cybersecurity skills shortage threatens the well-being and even survival of numerous businesses as cybersecurity threats grow more numerous, sophisticated, and dangerous to the point that cybersecurity groups have vowed not to pay ransom demands. ...
8 months ago Legal.thomsonreuters.com
How to become a cybersecurity architect - Cybersecurity architects implement and maintain a comprehensive cybersecurity framework to protect their company's digital assets. The cybersecurity architect position is a fundamental role that all organizations need, said Lester Nichols, director ...
3 months ago Techtarget.com
What is the NIST Cybersecurity Framework? Definition from SearchSecurity - The NIST Cybersecurity Framework provides guidance on how to manage and reduce IT infrastructure security risk. NIST created the CSF to help private sector organizations in the United States develop a roadmap for critical infrastructure ...
8 months ago Techtarget.com
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
9 months ago Securityzap.com
Business Cybersecurity Culture: Building a Secure Workforce - To protect their operations and sensitive data, organizations must prioritize the development of a strong cybersecurity culture within their workforce. In this discussion, we will explore the crucial elements of a robust cybersecurity culture and ...
8 months ago Securityzap.com
An In-Depth Guide to the 11 New ISO 27001 Controls - An effective defense against these threats requires a consistent and comprehensive security posture like the one outlined in the ISO 27001 standard. As daunting as these threats seem, up to 80% can be stopped by adopting security controls. The last ...
8 months ago Securityboulevard.com
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
1 year ago Bleepingcomputer.com
Key cybersecurity skills gap statistics you should be aware of - As the sophistication and frequency of cyber threats continue to escalate, the demand for skilled cybersecurity professionals has never been bigger. The skills gap is not merely a statistical discrepancy; it represents a substantial vulnerability in ...
9 months ago Helpnetsecurity.com
What the cybersecurity workforce can expect in 2024 - For cybersecurity professionals, 2023 was a mixed bag of opportunities and concerns. The good news is that the number of people in cybersecurity jobs has reached its highest number ever: 5.5 million, according to the 2023 ISC2 Global Workforce Study. ...
9 months ago Securityintelligence.com
CIS Establishes the Alan Paller Laureate Program - Alan Paller, co-founder of the Center for Internet Security and internationally recognized leader in cybersecurity, passed away suddenly in 2021. His passing was a big loss for CIS, as Alan had helped guide CIS for over 20 years. In 1999, he had ...
1 year ago Cisecurity.org
The Importance of Cybersecurity Education in Schools - Cybersecurity education equips students with the knowledge and skills needed to protect themselves and others from cyber threats. Cybersecurity education can teach students about the impact of cyberbullying, how to prevent it, and how to respond ...
9 months ago Securityzap.com
The US Needs To Follow Germany's Attack-Detection Mandate - To effectively combat these threats, the US needs to adopt a comprehensive and proactive approach to cybersecurity, similar to the one taken by Germany with its IT-SiG 2.0 mandate. The IT-SiG Approach Compared With the US's Current Capabilities One ...
10 months ago Darkreading.com
Cybersecurity Curriculum Development Tips for Schools - With the constant threat of cyber attacks, schools must prioritize the development of a robust cybersecurity curriculum to equip students with the necessary skills and knowledge. This article provides valuable insights and tips for schools aiming to ...
9 months ago Securityzap.com
Demystifying cybersecurity terms: Policy, Standard, Procedure, Controls, Framework, Zero Trust - I am often asked what is the difference between Policy, Standard, Procedure in cybersecurity. A cybersecurity standard is a set of guidelines, criteria, or best practices that organizations follow to ensure that their security controls and procedures ...
6 months ago Endpoint-cybersecurity.com
Cybersecurity Frameworks: What Do the Experts Have to Say? - Cybersecurity frameworks are blueprints for security programs. Typically developed by governmental organizations, industry groups, or international bodies, they take the guesswork out of developing defense strategies, providing organizations with ...
3 months ago Tripwire.com
ISB Cybersecurity Awareness Month: Expert Tips - Information Security Buzz spoke with several security experts and asked them, “What’s the one piece of advice that could make a difference?” Their responses highlight that cybersecurity is not one-size-fits-all—each organization must tailor ...
2 days ago Informationsecuritybuzz.com
Which cybersecurity controls are organizations struggling with? - The study analyzed the cybersecurity performance of nearly 100,000 organizations around the world across nine industries. Bitsight mapped its risk vectors to 16 of the MVSP controls and reported performance in 2023 and over time. Google validated the ...
9 months ago Helpnetsecurity.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
10 months ago Cisa.gov
Digital Learning Tools for Cybersecurity Education - In the field of cybersecurity education, digital learning tools have become indispensable. This article explores various digital learning tools tailored specifically to cybersecurity education. These digital learning tools play a crucial role in ...
9 months ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)