Home

Relative to phishing and ransomware. How confident is your organization, that the security controls you have place today will protect you?

In the day and age, we live in it's more about when you will experience a breach vs if. It's more about, do you have the abilities to recover and protect PII. Doing your due diligence and reasonable care, mitigate the risk and have controls in place to make it harder for the attackers to get in, if not impossible.

Anonymous Author
In the day and age, we live in it's more about when you will experience a breach vs if. It's more about, do you have the abilities to recover and protect PII. Doing your due diligence and reasonable care, mitigate the risk and have controls in place to make it harder for the attackers to get in, if not impossible.
0 upvotes
Anonymous Author
In addition to the controls and other frameworks, organizations may align with and be heavy on to improve security scores we can't lose sight of the reason we are in these positions, to protect our organizations, partners, and customers.   I've seen where many organizations try and rollout safeguards everywhere and to everything, without really understanding the why behind the what and where in terms of what's actually critical to a business.   From a more risk-based approach, vs. static controls perspective, we can take data, logs, insights, gathered and continuously evaluate, and ask what we can be done now, understand the business risk.    We have seen organizations try and keep up with patching and updates, it's neverending and in some cases, the patches don't or can't come soon enough. This is where moving away from what's vulnerable to what's exploitable, focuses on those areas first.  It's been for a long time Protect, Detect, Respond, Recover. From a MITRE lens, we see a shift toward more identifying, protecting, and containing what's exploitable in our systems and networks.  
0 upvotes