Which attack vectors and/or techniques should CISOs be aware of, but are often overlooked?

ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees
Denial of service and cross script
Assistant Director IT Auditor in Education, 10,001+ employees
I would also add phishing emails, which are a very big problem. Security awareness and internal phishing email exercises are helpful in containing the exposure.
Director of Information Security Operations in Consumer Goods, 1,001 - 5,000 employees
3rd, 4th vendors access
Group Chief Information Security & Data Protection Officer in Construction, 10,001+ employees
I'd say BEC scams, 3rd party vendor access amongst others....
Senior Security and Compliance Auditor in Software, 1,001 - 5,000 employees
Vendor Management and Risk Assessments of new software and tools brought into the environment
VP of IT in Retail, 10,001+ employees
Often CISOs forget that in order to protect the data, they should first understand what data they are trying to protect, meaning confidential, sensitive PII, SOX, etc. If they can isolate where that data is and put additional guardrails around it, I believe it will help them tremendously.
