Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet


As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.

On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • Report finds Apple devices fare the worst when it comes to full takeover risks

    August 1, 2024

    A worrying number of environments are vulnerable to complete takeover via escalated privileges, a new report from Picus Security has found. Environments were tested in simulated attacks, with the average organization managing to defend against 7 out of 10 attacks, but considering the constant threat presented by organized cybercrime groups, this leaves a serious margin for potential ...

  • CrowdStrike is sued by shareholders over huge software outage

    August 1, 2024

    CrowdStrike has been sued by shareholders who said the cybersecurity company defrauded them by concealing how its inadequate software testing could cause the July 19 global outage that crashed more than 8 million computers. In a proposed class action filed on Tuesday night in the Austin, Texas federal court, shareholders said they learned that CrowdStrike’s assurances ...

  • UK: Basic IT security failings left electoral register vulnerable

    July 30, 2024

    Basic IT security failings allowed Chinese state-linked hackers to access the election watchdog’s register containing the details of 40 million voters. The Information Commissioner’s Office (ICO) said the Electoral Commission had failed to keep its servers updated, allowing hackers to exploit the vulnerability. The National Cyber Security Centre (NCSC), part of GCHQ, has previously said it ...

  • EU to toughen cyberattack defence strategy for healthcare sector

    July 24, 2024

    Political Guidelines 2024-2029 published before Von der Leyen’s reappointment as president of the EU executive last week included suggested a new action plan on cybersecurity of hospitals and healthcare providers will be presented in the first 100 days of the new mandate. The Guidelines were published a day before a massive IT outage brought hospitals and ...

  • TracFone will pay $16 million to settle FCC data breach investigation

    July 24, 2024

    Following three separate data breaches between 2021 and 2023 which exposed the proprietary information (PI) of TracFone Wireless customers, the Federal Communications Commission (FCC) announced that the Verizon-owned company has agreed to pay a $16 million civil penalty to settle the government investigation, and it has made an agreement to improve its application programming interface ...

  • Microsoft IT outage linked to cyber security firm Crowdstrike hits airlines, railways, NHS and media outlets globally

    July 19, 2024

    The ‘most serious IT outage the world has ever seen’ sparked global chaos today – with planes and trains grounded, the NHS disrupted, shops closed, football teams unable to sell tickets and banks and TV channels knocked offline. The devastating technical fault caused Windows computers to suddenly shut down, prompting departure boards to immediately turn off ...