Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet


As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.

On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • CISA Releases Eight industrial Control Systems Advisories

    September 19, 2022

    CISA has released eight (8) Industrial Control Systems (ICS) advisories on September 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: • ICSA-22-263-01 Hitachi Energy PROMOD IV • ICSA-22-263-02 Hitachi Energy AFF660/665 Series • ICSMA-22-263-01 ...

  • Eastern European org hit by second record-smashing DDoS attack

    September 16, 2022

    Akamai says it has absorbed the largest-ever publicly known distributed denial of service (DDoS) attack – an assault against an unfortunate Eastern European organization that went beyond 700 million packets per second. This latest tsunami of traffic hit on Monday, according to the web infrastructure biz, and we’re told the cybercriminals responsible for the earlier record-setting ...

  • Zero-Day Exploit Detection Using Machine Learning

    September 16, 2022

    Code injection is an attack technique widely used by threat actors to launch arbitrary code execution on victim machines through vulnerable applications. In 2021, the Open Web Application Security Project (OWASP) ranked it as third in the top 10 web application security risks. Given the popularity of code injection in exploits, signatures with pattern matches are ...

  • CISA Releases Eleven Industrial Control Systems Advisories

    September 15, 2022

    CISA has released eleven (11) Industrial Control Systems (ICS) advisories on September 15, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-258-01 Siemens Mobility CoreShield OWG Software ICSA-22-258-02 Siemens Simcenter Femap, Parasolid ICSA-22-258-03 Siemens RUGGEDCOM ...

  • Russia’s Sovereign Internet Creates Security Risks With Implications for Cyber (Re)Insurance While War in Ukraine Develops

    September 10, 2022

    A sovereign Russian internet could lead to cyber criminal safe havens, greater confidence that large-scale attacks can be carried out without consequences, and intelligence blindspots, according to a new report published today by cyber risk analytics expert CyberCube. The research “Ukraine Cyber War Update: Spotlight on activity six months later” examines the dramatic rise in the ...

  • Pakistan government labels its own cybersecurity team ‘incompetent’

    September 7, 2022

    A Pakistani parliamentary committee has labelled its own cybersecurity agency “incompetent”. That damning assessment was offered by the nation’s Standing Committee on Information Technology and Telecommunication at a Monday meeting convened to brief committee members on the workings of Pakistan’s Ministry of Information Technology and Telecommunication. Read more… Source: The Register