Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet


As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.

On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • Governments on high alert after CISA snuffs out Firestarter backdoor on fed network

    April 24, 2026

    A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name. Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the ...

  • Apple fixes iOS bug that kept deleted notifications, including chat previews

    April 23, 2026

    Apple has released a software update that deals with an issue that could allow deleted notifications to be retrieved. Something that, in at least one reported case, was used by law enforcement during forensic analysis. Apple fixed the issue in iOS and iPadOS versions 18.7.8 and 26.4.2 (check availability for your device at those links). The ...

  • Microsoft releases Windows Server update fix to fix its April update fixes

    April 20, 2026

    Microsoft has pushed out an out-of-band update to address the restart loop that hit some Windows Server devices after its April update. The fix will spare administrators the headache of forced server restarts after installing the April 2026 update. (A reminder that deploying any Microsoft update directly to production without thorough testing is, to put it ...

  • Personal data held by NHS Shetland is breached more than 160 times in three years

    April 17, 2026

    Personal and sensitive data held by NHS Shetland was breached more than 160 times over the last three years, it can be revealed. Information given to The Shetland Times through a Freedom of Information (FoI) request showed there was 161 occassions where confidential data was leaked. Data was shown to be lost, stolen or left insecure ...

  • Cisco tells Webex users to patch critical security flaws immediately

    April 17, 2026

    Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop. Webex Services is a platform for communication and collaboration, letting people hold video meetings, ...

  • Patient medical data stolen in Chipsoft ransomware attack

    April 17, 2026

    Medical software company Chipsoft has confirmed that patient data was stolen in a ransomware attack last week, after initially telling clients that personal data was “probably” safe. The attack hit family doctors, rehabilitation clinics and the Rotterdam Eye Hospital, which all use Chipsoft’s cloud-hosted HiX 365 platform. Other hospitals that use the company’s technology on their ...