Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet


As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.

On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • CISA Releases Two Industrial Control Systems Advisories

    October 18, 2022

    CISA released two Industrial Control Systems (ICS) advisories on October 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-291-01 Advantech R-SeeNet ICSA-21-336-06 Hitachi Energy APM Edge (Update A) Read more… Source: U.S. Cybersecurity and Infrastructure ...

  • The benefits of taking an intent-based approach to detecting Business Email Compromise 

    October 18, 2022

    Business email compromise (BEC) is one of the most financially damaging online crimes. As per the internet crime 221 report, the total loss in 2021 due to BEC is around 2.4 billion dollars. Since 2013, BEC has resulted in a 43 billion dollars loss. The report defines BEC as a scam targeting businesses (not individuals) ...

  • CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

    October 14, 2022

    CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making. For more information, CISA encourages users to review RedEye on GitHub and watch CISA’s RedEye tool overview video. Read more… Source: U.S. ...

  • The voting machine hacking threat you probably haven’t heard about

    October 14, 2022

    There’s a largely overlooked hacking target that could help those who want to sow doubt about vote tallies in the November midterms: cellular modems that transmit unofficial election-night results. The modems, which send vote data from precincts to central offices using cellphone networks, help election officials satisfy the public’s demand for rapid results. But putting any ...

  • Oil and Gas Cybersecurity: Trends & Response to Survey

    October 13, 2022

    Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, they discuss the characteristics of each industry, the motivations and environmental ...

  • CISA Releases Twenty-Five Industrial Control Systems Advisories

    October 13, 2022

    CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-286-01 Siemens LOGO! ICSA-22-286-02 Siemens Industrial Edge Management ICSA-22-286-03 Siemens Solid Edge ICSA-22-286-04 Siemens SIMATIC ...