Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet


As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.

On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • #StopRansomware: ALPHV Blackcat

    December 19, 2023

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service (RaaS) identified through FBI investigations as recently as Dec. 6, 2023. This advisory provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators ...

  • Europol publishes IOCTA spotlight report on online fraud schemes

    December 19, 2023

    Europol’s spotlight report on online fraud highlights that online fraud schemes represent a major crime threat in the EU and beyond as online fraudsters generate multiple billions in illicit profits every year to the detriment of individuals, companies and public institutions. Fraud schemes are perpetrated with the intention of defrauding victims of their assets using false ...

  • NCI Agency partners with industry to strengthen NATO’s cyber security posture

    December 13, 2023

    On 13 December 2023, the NATO Communications and Information Agency (NCI Agency) signed a contract with IBM to help strengthen the Alliance’s cybersecurity posture with improved security visibility and asset management across all NATO enterprise networks. Following NATO’s new dynamic and competitive procurement process, featuring regular workshops, sprints and continuous communication with industry, the NCI Agency ...

  • You versus adversaries: How to become unbeatable in 20 cybersecurity moves

    December 8, 2023

    In today’s landscape, every business is inherently based on technology, increasing its susceptibility to significant and frequent threats that can hinder operations, success, and sustainability. At times, it can cause damage that is hard to bounce back from. Securing your organization, therefore, requires a deliberate, proactive, and holistic approach — you must keep constant tabs on ...

  • Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously

    December 6, 2023

    Memory safety vulnerabilities are the most prevalent type of disclosed software vulnerability. They are a class of well-known and common coding errors that malicious actors routinely exploit. These vulnerabilities represent a major problem for the software industry as they cause manufacturers to continually release security updates and their customers to continually patch. These vulnerabilities persist despite ...

  • Protecting credentials against social engineering

    December 4, 2023

    Our story begins with a customer whose help desk unwittingly assisted a threat actor posing as a credentialed employee. In this fourth report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a credential phishing and smishing (text-based phishing) cyberattack that targeted a legitimate, highly-privileged user with social ...