Cybersecurity Risk Assessment Best Practices - Mod 2 - Identifying and Understanding Cyber Risk: Uncovering Threats and Vulnerabilities: The Risk Identification Process

Let's be honest about something: cybersecurity used to be that thing IT folks worried about while everyone else focused on "real business." Those days are gone. Today's interconnected digital world has made cybersecurity a cornerstone of every organization's strategy, whether we like it or not.

Technology keeps evolving at breakneck speed, bringing incredible convenience and innovation along for the ride. But here's the catch: each advancement seems to introduce new risks and sophisticated threats that can challenge even the most experienced security professionals. It doesn't matter if you're running a three-person startup from your garage or managing IT for a Fortune 500 company. Protecting your digital infrastructure has become critical for survival, not just success.

Picture the modern digital landscape as a battlefield where cyber threats never take a coffee break. Understanding and identifying cybersecurity controls isn't just important anymore; it's become essential for any organization that wants to protect what matters most to them.


This article will walk through what I consider the most critical first step in building a security program that actually works: risk identification. We'll break down how to identify risks by defining threats (the bad actors or events that can exploit your weaknesses), vulnerabilities (the actual weaknesses in your systems, policies, or procedures), and impact (the damage that follows when someone successfully breaks through your defenses).

Beyond that, we'll explore the varied landscape of threat actors. Hacktivists, insiders, nation-state actors, cybercriminals - each group has different motivations and methods that might surprise you. Finally, I'll provide practical guidance on creating what every organization desperately needs but often overlooks: a comprehensive asset inventory. You can't protect what you don't know you have, and understanding your assets (software, hardware, or those tricky ephemeral ones) forms the foundation of effective protection.

The Foundation of Cybersecurity: Understanding Risk Identification

Here's something that might sound counterintuitive: cybersecurity isn't about eliminating all risks. It's about managing them intelligently. No organization can realistically achieve 100% security or operate with zero risk. Anyone who tells you otherwise is probably trying to sell you something expensive.

Security is more like a balancing act. You're constantly weighing what's most important, what can wait, and what risks your business can actually live with. The whole process of security and risk management starts with identifying and assessing these risks in the first place.

This involves taking a hard look at your organization's assets, figuring out what threats and vulnerabilities exist, and then evaluating how likely those risks are and what damage they could cause. Risk identification represents a proactive approach to cybersecurity. Rather than waiting for something bad to happen, you're trying to identify, analyze, and evaluate risks before they turn into the kind of incidents that make headlines.

Risks emerge from the intersection of two factors: the likelihood that a cybersecurity incident will occur and the potential impact on your organization if it does. It's basic math, but the variables can be surprisingly complex.

Defining the Core Elements: Threats, Vulnerabilities, and Impact

Before we dive deeper into the risk identification process, let's establish clear definitions for the fundamental components. These three elements work together, and understanding each one is crucial for building effective defenses.


Threats: The "Who" and "What" Behind Attacks

In cybersecurity, threats represent any event, actor, or action that could exploit a vulnerability to harm your organization's information systems, data, or digital operations. Think of them as the potential causes of unwanted incidents that can show up in various forms.

Malicious actors top the list, but threats also include malware, natural disasters, or even inherent system vulnerabilities that lead to disruptions or data breaches. The diversity of these threats is what makes cybersecurity so challenging. You're not just defending against one type of attack; you're building defenses that need to address multiple attack vectors simultaneously.

What makes this particularly interesting is how threats have evolved. Twenty years ago, most cyber attacks were relatively simple and often motivated by curiosity or bragging rights. Today's threat actors are more sophisticated, better funded, and often backed by organized crime or nation-states.

Vulnerabilities: Your Organization's Weak Points

Vulnerabilities are the exploitable weaknesses in your organization's systems, policies, or procedures. If threats are the arrows, vulnerabilities are the gaps in your armor that those arrows can pierce.

Common examples include unpatched software that exposes systems to known exploits, or misconfigurations that accidentally grant unauthorized access to users who shouldn't have it. Human errors play a significant role here too. Poor password practices, lack of employee training, or simple mistakes can create vulnerabilities that are just as dangerous as technical flaws.

Software vulnerabilities deserve special attention. These flaws or weaknesses in software programs can be introduced in several ways. Sometimes a developer wasn't trained on the Open Worldwide Application Security Project (OWASP) Top 10. Other times, an old vulnerability gets mistakenly reintroduced into code during updates. Occasionally, hackers discover new ways to exploit code only after it's been published and deployed.

The financial impact of unpatched vulnerabilities alone can be staggering. We're talking about multi-million dollar losses for organizations that don't stay on top of their patch management. The Cybersecurity & Infrastructure Security Agency (CISA) maintains a catalog of Known Exploited Vulnerabilities (KEV), and there's a good reason they emphasize addressing these as immediate and significant risks.

Impact: Measuring the Damage

The potential impact of a successful cyber attack quantifies what could happen if your defenses fail. This goes far beyond just immediate technical damage.

Data breaches that compromise sensitive information represent one type of impact, but financial losses from operational disruptions can be equally devastating. Reputational damage might be the most underestimated consequence. When customers and partners lose trust in your ability to protect their data, rebuilding that confidence can take years.

Consider the European Union's General Data Protection Regulation (GDPR), which can impose fines up to 4% of a company's annual revenue, with a maximum of EUR 20 million, for data breaches. These aren't theoretical penalties; regulators have shown they're willing to use them.

Here's something important to understand about modern data breaches: they're rarely the result of a single vulnerability or misconfiguration. Instead, they typically result from what security professionals call a "cascade of failures." Multiple things go wrong, and attackers chain these failures together to achieve their objectives, whether that's deploying ransomware, cryptomining, or stealing data.


A Deep Dive into Threat Actors: Who's Attacking and Why?

Understanding who wants to attack you and why they're doing it forms a cornerstone of effective cybersecurity strategy. Threat actors are constantly evolving their tactics, techniques, and procedures (TTPs), creating an ongoing game of cat and mouse for defenders.

The fundamental challenge in cybersecurity is what we call the "attacker's advantage" versus the "defender's dilemma." Attackers only need to find one vulnerability to breach your defenses, while defenders must maintain vigilance across all potential attack surfaces. This asymmetry explains why cybersecurity feels so challenging.


The External Adversaries

External threats make up a substantial portion of cyber risks, driven by various motivations that range from purely financial to ideological.

Cybercriminals: Money Makes the World Go Round

Cybercriminals are primarily motivated by financial gain. They're in the business of stealing money or selling stolen information on the Dark Web, and they view Internet crime as highly lucrative with relatively low risk of prosecution.

Phishing Attacks remain one of the most common initial access vectors. Attackers craft emails with either malicious software attached or links to servers designed to download malware. While companies have become more vigilant about deploying email filtering solutions, hackers have adapted their tactics accordingly.

Phishing attacks can lead to account compromises, but multi-factor authentication (MFA) can prevent up to 99% of these attacks. That statistic alone should convince any organization to implement MFA across their systems.

Malware, particularly Ransomware, represents a significant and growing threat. The typical attack pattern has become quite sophisticated. Attackers gain initial access to a corporate network, then move quietly within it to locate and steal high-value data. We're talking about human resources personally identifiable information (PII), source code, intellectual property, and other sensitive information that companies would pay to retrieve or prevent from being sold.

FBI Agent Smith (not his real name, obviously) highlights a concerning trend where attackers find entry points through insecure Remote Desktop Protocol (RDP), Server Message Block (SMB), or email phishing. Their movements within networks are often silent to avoid detection by Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Security Information and Event Management (SIEM) systems.

Here's where it gets particularly nasty: once attackers have moved sensitive data to a server they control, they deploy the ransomware. This strategy means that even if your organization has good offline backups, you might still feel compelled to pay the ransom to prevent the stolen data from being leaked onto the dark web. The threat of regulatory fines like those under GDPR adds another layer of pressure.

The CyrusOne breach involving the REvil gang shows how ransomware groups leverage the threat of data leakage and regulatory fines to pressure victims into paying. Perhaps more concerning, ransomware gangs often target the same companies multiple times. Lightning does strike twice in cybersecurity.

Exploiting Public-Facing Vulnerabilities became a primary attack vector by 2020, particularly targeting hosts with unsecured RDP port 3389. Attackers discover these vulnerable devices using publicly available information from sites like Shodan or Censys.io, which can query the entire internet for open ports and externally visible devices.

Censys.io's ability to query the entire internet without performing real-time scans makes it a powerful reconnaissance tool for attackers. They can identify targets without triggering network monitoring systems, giving them a significant advantage in the initial reconnaissance phase.

Ransomware can self-propagate across networks using SMB (ports 139 and 445) and RDP (port 3389). Organizations can mitigate RDP vulnerabilities by implementing two-factor authentication, using complex 14-character passwords, disabling RDP when it's not needed, ensuring privileged accounts use jump stations, and ideally utilizing VPN access to avoid direct RDP exposure to the internet.

For SMB vulnerabilities, recommended security measures include blocking ports 139 and 445 on perimeter firewalls, using VPN access, implementing filtered VLANs for network isolation, and employing MAC address filtering.

Zero-Day Threats represent particularly insidious vulnerabilities. These are security holes in computer systems that are unknown to owners, developers, or anyone capable of fixing them on "day zero" of their discovery. Many hackers discover these vulnerabilities and sell them in cybercrime marketplaces. Finding a vulnerability is typically legal; exploiting it usually isn't.

Software developers in the exploit marketplace may then create and sell "exploit kits" that incorporate vulnerability code into easy-to-use packages. This commercialization of exploits broadens their reach significantly.

"Drive-by Compromise" and Business Email Compromise (BEC) represent insidious initial access tactics. Drive-by Compromise involves attackers distributing malware through paid advertising (malvertising) without targeting specific companies or individuals. BEC attacks involve impersonating online business partners to commit fraud.

Supply Chain Vulnerabilities represent a growing concern. Attackers exploit weaknesses in third-party vendors to compromise multiple targets simultaneously. The SolarWinds attack serves as a stark reminder that even well-protected organizations can be vulnerable if their suppliers lack strong security practices.

AI-Driven Cyberattacks represent a new frontier in cyber threats. With advancements in machine learning, adversaries are increasingly utilizing AI to adapt and improve their attack effectiveness. This creates an arms race between AI-powered attacks and AI-powered defenses.

The Hidden Danger: Insider Threats

While external cyber threats often dominate news headlines, insider threats lurk within organizations and pose equally significant risks to cybersecurity. These threats originate from current or former employees, contractors, or business partners who possess intimate knowledge of organizational systems and operations.

Insider threats fall into two main categories, and both can cause serious damage.

Intentional Insider Threats

These stem from individuals with malicious intent, such as disgruntled employees seeking to inflict harm on their current or former employers. The motivations for intentional insider threats are diverse but often center around money or revenge.

There are documented cases where individuals intentionally seek employment in positions with access to financial systems, planning from the start to manipulate money transfers. Other cases involve employees being blackmailed into stealing intellectual property or committing fraud.

In the technology industry, revenge appears to be a significant motivator for insider activity. Employees who feel wronged by management decisions, layoffs, or perceived unfair treatment may turn their insider knowledge against their employers.

Unintentional Insider Threats

These may be even more prevalent and challenging to detect than intentional threats. They stem from employees' inadvertent actions or negligence rather than malicious intent. Security professionals sometimes call these "people bugs."

Unintentional threats can occur due to inattention, ignorance, inadequate training, misreading procedures, or falling victim to social engineering attacks. Unintended misconfigurations are highlighted as a root cause of nearly every data breach, which suggests that human error plays a larger role in cybersecurity incidents than many organizations realize.

A common mistake in modern application development involves accidentally committing sensitive secrets into Version Control Systems (VCS) like Git. These secrets might include authentication tokens, passwords, and API keys. If pushed to public repositories, these secrets become accessible to malicious actors, potentially leading to data breaches or unauthorized access.

Even in private repositories, insider threats remain dangerous, and private repositories can become public in the future through administrative errors or policy changes. Microsoft AI researchers accidentally leaked Azure Storage shared access signature (SAS) tokens in their public GitHub repository, resulting in a breach exposing 38 TB of private data.
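The kind of check that catches the mistake described above before a commit leaves a developer's machine, as an added example that is not part of the original article: it scans only the added lines of a unified diff for public credential formats (AWS access key IDs, GitHub tokens, PEM private-key headers, the sv=/sig= shape of Azure Storage SAS tokens) and for secret-looking assignments whose value has high Shannon entropy. The sample diff is constructed; the AWS key in it is AWS's documented example value and the SAS signature and API token are made up.

```python
import math
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Signature patterns for public credential formats.
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "azure_sas_token": re.compile(
        r"[?&]sv=\d{4}-\d{2}-\d{2}[^\s'\"]*&sig=[A-Za-z0-9%+/=]{20,}"),
}
# Generic catch: a secret-looking variable name assigned a long opaque value.
ASSIGNMENT = re.compile(
    r"(?i)\b(?P<name>[a-z0-9_.-]*(?:secret|password|passwd|token|api[_-]?key))"
    r"\b\s*[:=]\s*['\"]?(?P<value>[A-Za-z0-9+/=_\-]{16,})['\"]?")
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
ENTROPY_THRESHOLD = 3.5  # bits per character; random tokens score well above this


@dataclass(frozen=True)
class Finding:
    line_no: int   # line number in the new version of the file
    kind: str
    snippet: str   # redacted: only the first four characters of the secret survive


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; natural-language values score low."""
    if not value:
        return 0.0
    n = len(value)
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(line: str, start: int, end: int) -> str:
    return line[:start + 4] + "***" + line[end:]


def scan_numbered_lines(lines: Iterable[Tuple[int, str]]) -> List[Finding]:
    findings = []
    for line_no, text in lines:
        for kind, pattern in SIGNATURES.items():
            m = pattern.search(text)
            if m:
                findings.append(Finding(line_no, kind, redact(text, *m.span()).strip()))
                break
        else:  # no known signature: fall back to the entropy heuristic
            m = ASSIGNMENT.search(text)
            if m and shannon_entropy(m.group("value")) >= ENTROPY_THRESHOLD:
                findings.append(Finding(line_no, "high_entropy_secret",
                                        redact(text, *m.span("value")).strip()))
    return findings


def added_lines(diff_text: str) -> Iterable[Tuple[int, str]]:
    """Yield (new-file line number, content) for each '+' line of a unified diff."""
    line_no, in_hunk = 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            in_hunk = False
        m = HUNK_HEADER.match(raw)
        if m:
            line_no, in_hunk = int(m.group(1)), True
            continue
        if not in_hunk or raw.startswith("-") or raw.startswith("\\"):
            continue  # file headers, removed lines, "No newline" markers
        if raw.startswith("+"):
            yield line_no, raw[1:]
        line_no += 1  # context and added lines both advance the new file


def scan_diff(diff_text: str) -> List[Finding]:
    """Pre-commit style check: only lines being added are examined."""
    return scan_numbered_lines(added_lines(diff_text))


# Constructed sample diff (see the lead-in for where each value comes from).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,2 +10,5 @@ DEBUG = False
 ALLOWED_HOSTS = ["example.internal"]
-STORAGE_URL = os.environ["STORAGE_URL"]
+STORAGE_URL = "https://example.blob.core.windows.net/models?sv=2021-06-08&ss=b&sig=EXAMPLEsignaturevalue0123456789abcdef"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_TOKEN = "x7Gq9pLm2VwT4bRz8nKcY1eHs5dJf0aQ"
+LOG_LEVEL = "info"
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"line {f.line_no}: {f.kind}: {f.snippet}")
```

Findings carry a redacted snippet on purpose, so the scanner's own output (CI logs, tickets) does not become a second place the secret is stored.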

Poor cybersecurity hygiene, such as weak password policies or unencrypted data storage, inadvertently provides opportunities for both internal and external threats to exploit organizational weaknesses.

Whether through negligence or malice, insider threats can lead to devastating consequences including data breaches, intellectual property (IP) theft, or disruption of critical operations. Organizations need a multi-pronged approach to secure their data from both internal and external adversaries. This includes implementing strong security policies, enforcing Role-Based Access Control (RBAC), encrypting data, and following the Principle of Least Privilege (PoLP).

Other Threat Categories

Beyond the primary external and internal categories, other types of threat actors contribute to the complex risk landscape that organizations face today.

Nation-State Actors are often well-funded and highly skilled, pursuing objectives such as espionage, sabotage, or disrupting critical infrastructure. They commonly seek information and data, but increasingly target disruption, financial gain, and political influence.

Hacktivists are groups with specific political agendas that design cyberattacks to draw attention to their causes, gain public support, or achieve political advantage by weakening opposing systems. Their objectives typically involve influence or making political statements, and they sometimes target voting systems or government infrastructure.

Competitors seek to gain business advantages, often through theft of intellectual property, trade secrets, or strategic plans. They've also been known to orchestrate Distributed Denial of Service (DDoS) attacks to disrupt rivals. Competitors rarely conduct attacks personally but instead rely on criminal networks to achieve their objectives.

Sadists and Lone Wolves represent less common but still significant threats. Individuals driven by revenge (sadists) or those operating within a "cybercrime-as-a-service" model (lone wolves) contribute to the threat landscape. The latter model expands the reach of solo actors by providing them with sophisticated tools and services.

Advanced Persistent Threats (APTs) involve sophisticated, long-term attacks designed to infiltrate systems without detection. These are often associated with nation-state actors and can remain undetected within networks for months or years.

Knowing What to Protect: The Crucial Asset Inventory

Once you understand the various types of threats and vulnerabilities your organization faces, the next fundamental step in risk identification involves knowing what assets exist that require protection. This leads to what should be an obvious but often overlooked process: creating a comprehensive asset inventory.

The reality for many organizations is that asset inventory tends to be an afterthought. People get excited about implementing the latest security technologies or threat intelligence platforms, but they skip the basic step of cataloging what they actually need to protect. However, building a truly cyber-resilient organization requires having a solid asset inventory that details everything on your network, whether on-premise or in the cloud.

Why an Asset Inventory is Non-Negotiable

An effective asset inventory allows organizations to accomplish several critical objectives that form the foundation of good cybersecurity practice.

Understanding your attack surface starts with knowing what you have. You simply cannot protect what you don't know exists. A clear inventory helps identify all potential points of entry or compromise that attackers might exploit.

Prioritizing security measures becomes possible when you understand the value and significance of each asset. Organizations have limited security resources, and a good inventory allows you to allocate those resources most effectively. This helps determine which assets require more immediate or stronger protection.

Hackers often target companies based on their revenue and actively leverage publicly available information about their assets when planning attacks. Understanding what information about your assets is publicly visible can help you reduce your attack surface.

Supporting incident response and recovery requires knowing what you're dealing with when things go wrong. In the event of a breach, a comprehensive asset inventory becomes crucial for quickly identifying compromised systems, containing the incident, and facilitating swift recovery.

What Constitutes an Asset?

Assets encompass a broad range of resources, both tangible and intangible, that contribute to your organization's operation and hold value. The scope might be broader than you initially think.

Software includes applications, operating systems, databases, custom code, third-party software, open-source components, and ephemeral software like containers and serverless functions. Modern applications often depend on dozens or even hundreds of open-source components, making software asset inventory particularly challenging.

Hardware encompasses servers, workstations, laptops, mobile devices, network devices (routers, switches, firewalls), IoT devices, and physical infrastructure. The proliferation of IoT devices in business environments has made hardware inventory more complex than it used to be.

Data represents critical information, personally identifiable information (PII), intellectual property (IP), financial records, customer data, strategic plans, and proprietary knowledge, whether stored locally or in the cloud, and whether at rest or in transit.

Human Resources include employees, contractors, and business partners, particularly those with privileged access or knowledge of critical systems. People often represent both your greatest asset and your greatest vulnerability.

Each asset should be classified based on its significance to organizational functionality, its intrinsic value, and its role in achieving company objectives. This classification process helps you understand the potential impact if any asset becomes compromised, allowing you to prioritize security measures more effectively.

Practical Guidance for Creating and Maintaining an Asset Inventory

Conducting a Thorough Initial Inventory begins with logging every resource that contributes to your organization's operations and carries value. This process involves more than creating a simple list; it requires detailed information about each asset, including its location, owner, criticality level, and dependencies.

Leveraging Tools for Discovery can significantly improve your inventory accuracy and efficiency. While manual efforts often form part of the initial phase, organizations should utilize tools to aid in ongoing inventory management. These can range from simple spreadsheets for smaller organizations to more sophisticated Configuration Management Databases (CMDBs).

Tools like ManageEngine, ServiceNow, Drata, Secureframe, Vanta, Microsoft Intune, and various Cloud Security Posture Management (CSPM) and Cloud Native Application Protection Platform (CNAPP) tools can automate much of the discovery process. CSPM and CNAPP tools are particularly useful for identifying cloud misconfigurations and unintended exposures to the internet, providing insights from services like AWS Security Hub, Amazon Inspector, Amazon GuardDuty, Microsoft Defender for Cloud, and Google Cloud Security Command Center.

Monitoring External Devices and Open Ports requires actively monitoring your external devices and internet-facing assets, since hackers frequently target companies by leveraging publicly available information about their infrastructure.

Tools like Censys.io can query the entire internet for open ports, certificates, hosts, and devices visible externally to your company's domain (like www.cisco.com). This querying represents a database query rather than a real-time scan, so it won't trigger your network monitoring sensors. However, it provides the same information that attackers use to identify potential targets.

Developing a Change Management Plan and Configuration Baseline ensures that your asset inventory remains accurate over time. An asset inventory should be accompanied by strong change management processes that document scheduled and unscheduled changes, require approval for architectural changes, and manage exceptions appropriately.

Establishing secure baseline configurations for all assets (laptops, servers, cloud assets, network devices) is essential for building a cyber-resilient organization. This means that every new device or asset should be built with a base image that has specific security controls already configured, such as strong password requirements or "deny all by default" firewall rules.

Automating these configurations can significantly enhance security while reducing manual effort. For example, using a product like Ansible for network devices can ensure consistent security configurations across your infrastructure. A secure configuration can prevent up to 99% of cloud and firewall breaches.

Organizations can use standards like Center for Internet Security (CIS) Implementation Groups (IGs) or Security Technical Implementation Guides (STIGs) to guide their baseline configurations. These frameworks provide tested, community-validated security recommendations.

Addressing Cloud Asset Inventory Challenges requires recognizing that cloud environments present unique difficulties for traditional asset inventory approaches. It can be challenging to apply conventional measurement techniques to virtual machines (VMs) in Platform as a Service (PaaS) cloud environments, since hardware is shared among multiple virtual instances.

VM instances may have different network addresses when they start and stop, leading automated scanning tools to incorrectly identify them as separate devices. Additionally, there may be a lack of centralized naming or IP address mapping for ephemeral cloud assets that exist only temporarily.

Despite these challenges, organizations must define what a "good" security posture looks like for their cloud VMs and measure deviations from that configuration. Tools that can identify the total number of instances in a PaaS environment and highlight those that deviate from organizational standards are critical for managing cloud-related risks effectively.
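An added example, not code from the article, of the reconciliation step the last few paragraphs describe: external exposure data (IP and port pairs, as a perimeter scan or an internet-wide search service would return them) is attributed to inventory assets by a stable instance id rather than by IP, so an instance that changed address after a restart counts once instead of twice; hosts that map to nothing are reported as unknown, and any port outside the asset's baseline is reported as a deviation, ordered by asset criticality and by whether the port is one of the RDP/SMB entry points discussed earlier. The inventory, address history and scan hits are all constructed values.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Services the article calls out as common ransomware entry points when
# exposed to the internet.
HIGH_RISK_PORTS = {3389: "RDP", 139: "NetBIOS/SMB", 445: "SMB"}
CRITICALITY_RANK = {"high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Asset:
    asset_id: str                  # stable identifier (cloud instance id), never the IP
    owner: str
    role: str
    criticality: str               # "high" | "medium" | "low"
    allowed_ports: FrozenSet[int]  # baseline: ports this role may expose externally


@dataclass(frozen=True)
class Deviation:
    asset_id: str
    criticality: str
    port: int
    service: str


# --- Constructed sample data -------------------------------------------------
INVENTORY: Dict[str, Asset] = {
    "i-0a1": Asset("i-0a1", "web-team", "web-frontend", "high", frozenset({443})),
    "i-0b2": Asset("i-0b2", "infra", "jump-host", "high", frozenset({22})),
    "i-0c3": Asset("i-0c3", "ci", "build-runner", "low", frozenset()),
}

# Address history from the cloud provider: an instance that stopped and
# restarted may have held several public IPs, so old leases are kept too.
ADDRESS_HISTORY: Dict[str, str] = {
    "203.0.113.10": "i-0a1",   # previous lease
    "203.0.113.25": "i-0a1",   # current lease after a restart
    "203.0.113.11": "i-0b2",
    "203.0.113.12": "i-0c3",
}

# External exposure data as (ip, port) pairs.
SCAN_HITS: List[Tuple[str, int]] = [
    ("203.0.113.10", 443),
    ("203.0.113.25", 3389),
    ("203.0.113.11", 22),
    ("203.0.113.12", 3389),
    ("203.0.113.12", 22),
    ("198.51.100.7", 445),
]


def reconcile(inventory: Dict[str, Asset], address_history: Dict[str, str],
              scan_hits: List[Tuple[str, int]]) -> dict:
    """Attribute scan hits to inventory assets by stable id and report gaps."""
    assets_seen, ips_attributed, unknown_hosts = set(), set(), set()
    deviations: List[Deviation] = []
    for ip, port in scan_hits:
        asset_id = address_history.get(ip)
        if asset_id is None or asset_id not in inventory:
            unknown_hosts.add(ip)          # internet-facing, but nobody owns it
            continue
        asset = inventory[asset_id]
        assets_seen.add(asset_id)
        ips_attributed.add(ip)
        if port not in asset.allowed_ports:
            service = HIGH_RISK_PORTS.get(port, f"tcp/{port}")
            deviations.append(Deviation(asset_id, asset.criticality, port, service))
    # Most critical asset first, then known-dangerous services before others.
    deviations.sort(key=lambda d: (CRITICALITY_RANK[d.criticality],
                                   d.port in HIGH_RISK_PORTS, d.port), reverse=True)
    return {
        "assets_seen": sorted(assets_seen),
        "ips_attributed": sorted(ips_attributed),
        "unknown_hosts": sorted(unknown_hosts),
        "deviations": deviations,
    }


if __name__ == "__main__":
    result = reconcile(INVENTORY, ADDRESS_HISTORY, SCAN_HITS)
    print(f"{len(result['ips_attributed'])} IPs map to {len(result['assets_seen'])} assets")
    print("unknown hosts:", result["unknown_hosts"])
    for d in result["deviations"]:
        print(f"{d.asset_id} ({d.criticality}): {d.service} on port {d.port} is outside baseline")
```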

Integrating Risk Identification into Your Cybersecurity Strategy

The insights you gain from a solid risk identification process are invaluable for shaping your organization's overall cybersecurity strategy. However, these insights must be effectively communicated to senior leadership to secure the necessary buy-in and resources for implementation.

It's the CISO's responsibility to educate the executive management team about the risks the organization faces. Executive leadership has the responsibility to fund IT and security budgets to properly mitigate, accept, or transfer the risks facing the company. Without this education and buy-in from the top, even the best risk identification efforts may not translate into effective security improvements.

A risk register that systematically documents identified risks, existing controls, and proposed mitigation strategies should be regularly presented to senior management to ensure top-down support for security initiatives. This document serves as a communication tool between technical security teams and business leadership.
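An added example, not the article's own material, of a minimal risk register that applies the likelihood-times-impact definition from earlier in the article: each entry records asset, threat, vulnerability, existing controls and their estimated effectiveness, and the code derives an inherent score, a residual score (rounded up so controls never make a risk look smaller than it is), a treatment recommendation (mitigate, transfer, or accept) against constructed appetite thresholds, and the ranked summary a CISO would present. The register entries and threshold values are constructed.

```python
import math
from dataclasses import dataclass, field
from typing import List

# Risk appetite thresholds on the 1..25 likelihood x impact scale (constructed
# policy values; each organization sets its own).
ACCEPTABLE_MAX = 5    # at or below: the asset owner may accept the risk
TOLERABLE_MAX = 14    # between: mitigate, or transfer (e.g. cyber insurance);
                      # above: exceeds appetite, mitigation is mandatory


@dataclass
class Risk:
    risk_id: str
    asset: str
    threat: str
    vulnerability: str
    likelihood: int                 # 1 rare .. 5 almost certain
    impact: int                     # 1 negligible .. 5 severe
    controls: List[str] = field(default_factory=list)
    control_effectiveness: float = 0.0   # fraction of likelihood removed by controls
    owner: str = "unassigned"

    def __post_init__(self):
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError(f"{self.risk_id}: likelihood and impact must be 1..5")
        if not 0.0 <= self.control_effectiveness <= 1.0:
            raise ValueError(f"{self.risk_id}: control_effectiveness must be 0..1")

    def inherent_score(self) -> int:
        """Risk before controls: likelihood x impact."""
        return self.likelihood * self.impact

    def residual_likelihood(self) -> int:
        # Round up: arithmetic must never make a risk look smaller than it is.
        return max(1, math.ceil(self.likelihood * (1.0 - self.control_effectiveness)))

    def residual_score(self) -> int:
        """Risk that remains after existing controls are credited."""
        return self.residual_likelihood() * self.impact


def recommend_treatment(risk: Risk) -> str:
    score = risk.residual_score()
    if score > TOLERABLE_MAX:
        return "mitigate"
    if score > ACCEPTABLE_MAX:
        return "mitigate or transfer"
    return "accept"


def prioritize(register: List[Risk]) -> List[Risk]:
    """Highest residual risk first; ties broken by inherent risk."""
    return sorted(register, key=lambda r: (r.residual_score(), r.inherent_score()),
                  reverse=True)


def summary_rows(register: List[Risk]) -> List[dict]:
    """The ranked view that goes in front of senior management."""
    return [{"id": r.risk_id, "asset": r.asset, "inherent": r.inherent_score(),
             "residual": r.residual_score(), "treatment": recommend_treatment(r),
             "controls": ", ".join(r.controls) or "none"}
            for r in prioritize(register)]


def build_sample_register() -> List[Risk]:
    """Constructed entries built from the threats discussed in the article."""
    return [
        Risk("R-01", "Customer PII database", "Ransomware gang",
             "RDP exposed to the internet without MFA", 5, 5),
        Risk("R-02", "Corporate email accounts", "Phishing",
             "Reused passwords", 5, 4, ["MFA on all accounts"], 0.9),
        Risk("R-03", "Source code repositories", "Unintentional insider",
             "Secrets committed to version control", 3, 4,
             ["Pre-commit secret scanning"], 0.5),
        Risk("R-04", "Public website", "Hacktivist DDoS", "No DDoS protection", 2, 3),
    ]


if __name__ == "__main__":
    for row in summary_rows(build_sample_register()):
        print(row)
```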


Cybersecurity is not a static state but represents a dynamic and constantly evolving field. The cyber threat environment changes continuously, with new threats emerging and existing ones becoming more sophisticated over time. This reality means that risk identification must be an ongoing, continuous process that adapts to new threats, technologies, and business changes.

Regularly reviewing and updating risk assessments, threat taxonomies, and risk registers ensures that your organization's security posture remains aligned with current realities. By proactively identifying emerging risks and adapting controls accordingly, organizations can work to prevent potential breaches rather than merely reacting after incidents occur.

This proactive approach requires dedication and resources, but it represents the difference between organizations that successfully manage cyber risks and those that become cautionary tales in security conferences.

Conclusion

We're living in an era defined by the proliferation of digital threats, where an organization's ability to not only withstand cyber-attacks but also recover quickly has become essential for long-term survival. This concept of cyber resilience starts with a foundational, comprehensive, and continuous risk identification process.

By carefully defining threats (the "who" and "what" that might attack your organization), understanding vulnerabilities (the "where" and "how" they might breach your defenses), and assessing potential impact (the "so what" if they succeed), organizations can lay the groundwork for a proactive cybersecurity posture rather than a reactive one.

Understanding the motivations and methods of diverse threat actors provides critical intelligence for tailoring your defenses appropriately. Financially driven cybercriminals operate differently from politically motivated hacktivists, who in turn use different tactics than espionage-focused nation-states or insider threats. Each category requires specific defensive considerations.

Establishing and maintaining a thorough asset inventory may seem basic, but it ensures that your organization knows precisely what needs protection. This knowledge allows for targeted and efficient security investments rather than generic approaches that may miss critical assets.

Cybersecurity represents a continuous journey rather than a destination you can reach and then ignore. By embracing rigorous risk identification practices, organizations can move from a reactive stance to a proactive and strategic posture. This shift helps safeguard digital assets, maintain customer trust, and ensure long-term success despite an uncertain and volatile cyber landscape.

The commitment to understanding and adapting to the evolving risk landscape distinguishes truly resilient enterprises from those that simply hope for the best. In cybersecurity, hope is not a strategy, but thorough risk identification can be the foundation of one.

Other articles in this series:

Mod 1 - Article 1: The Imperative of Cybersecurity Risk Management: Beyond "If" to "When"
Mod 2 - Article 2: Strategic Threat Modeling: Anticipating the Attack
Mod 3 - Article 1: Performing a Comprehensive Risk Assessment: Tools and Techniques
