Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet


As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.

On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • Enzo Biochem ordered to cough up $4.5 million over lousy security that led to ransomware disaster

    August 14, 2024

    Biotech biz Enzo Biochem is being forced to pay three state attorneys general a $4.5 million penalty following a 2023 ransomware attack that compromised the data of more than 2.4 million people. New York’s attorney general Letitia James announced the news on Tuesday after an investigation into Enzo’s incident concluded, finding various cybersecurity malpractices that led ...

  • Musk Blames DDoS Attack For 40-Minute Delayed Start to Trump’s X Livestream

    August 13, 2024

    Technical difficulties delayed former President Donald Trump’s live conversation with Elon Musk on X by over 40 minutes. Musk blamed the issues on a distributed denial-of-service (DDoS) cyberattack, in which a bad actor seeks to overload a target server with traffic, rendering it unusable. His claims could not be verified. “We unfortunately had a massive distributed ...

  • Indirect prompt injection in the real world: how people manipulate neural networks

    August 12, 2024

    Large language models (LLMs) – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. Systems built on instruction-executing LLMs may be vulnerable to prompt injection attacks. A prompt is a text description of a task that the system is to perform, for example: “You are a ...

  • Keys to the Kingdom – Gaining access to the Physical Facility through Internal Access

    August 9, 2024

    This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization. This is one of those occasions. This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt by the client to discover how vulnerable internal systems were to lateral movement by an attacker ...

  • Bringing Security Back into Balance

    August 4, 2024

    A growing tension has been proliferating in the modern enterprise, shallow, but just under the surface. The recent CrowdStrike outage punctuated this tension in dramatic fashion — and what we saw coming all along, is here now. Revolutionary technology shifts come fast and are integrated quickly into the day-to-day operations of the business. In return, ...

  • Optus and Medibank Data Breach Cases Allege Cyber Security Failures

    August 2, 2024

    2022 was a big year for cyber security breaches in Australia. Both telecommunications provider Optus and private health insurer Medibank suffered large-scale data breaches affecting tens of millions of Australians, leading to heightened regulatory and business focus on cyber security in the years since. The two data breaches also led to legal action, with recent court ...