Which attack vectors and/or techniques should CISOs be aware of, but are often overlooked?

Risk Management Threat & Vulnerability Management

1.7k views5 Upvotes6 Comments

ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees

Denial of service and cross script

Assistant Director IT Auditor in Education, 10,001+ employees

I would also add phishing emails, are a very big problem. Security awareness and internal phishing email exercises are helpful in containing the exposure.

Director of Information Security Operations in Consumer Goods, 1,001 - 5,000 employees

3rd, 4th vendors access

Group Chief Information Security & Data Protection Officer in Construction, 10,001+ employees

I'd say BEC scams, 3rd party vendor access amongst others....

Senior Security and Compliance Auditor in Software, 1,001 - 5,000 employees

Vendor Management and Risk Assessments of new software and tools brought into the environment

VP of IT in Retail, 10,001+ employees

Often CISO’s often forgets that in order to protect the data, they should first understand what data they are trying to protect meaning confidential, sensitive PII, SOX, etc etc. If they can isolate where that data is an put additional guardrails around it, I believe it will help them tremendously.

Content you might like

Security execs, are you pushing exec leadership to get you additional liability protection in light of the updated SEC cyber disclosure requirements?

Regulatory Compliance Governance, Risk & Compliance Risk Management

Yes50%

Current liability protection is still adequate50%

No0%

4 PARTICIPANTS

24 views

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

143 19 Replies

How can you design your org’s security policies to more effectively drive awareness?

Security Strategy & Roadmap Awareness & Training Risk Management

Head of Information Security in Services (non-Government), 1,001 - 5,000 employees

Using relevant examples to help underscore the importance of adhering to policies is key because it helps your messaging resonate. The MOVEit breach has impacted hundreds of companies and millions of individuals, so using ...read more

How can infosec leaders/CISOs get their org to shift from a legacy security strategy that’s more compliance-focused to one that’s focused on risk reduction?

Security Strategy & Roadmap Risk Management Third Party Risk Management (TPRM)

Head of Information Security in Services (non-Government), 1,001 - 5,000 employees

Having the right governance structures in place is important. We have a committee that's called the Protect Subcommittee that comprises the general counsel's office and leaders from our privacy and security practice ...read more

Is your business worried about friendly fraud?

Finance Business Applications Legal +25 more

Yes72%

No27%

630 PARTICIPANTS

2.9k views2 Upvotes