YOU CAN'T GOVERN THE RISK THAT YOU DON'T UNDERSTAND!
During the current lockdown I am finding more time to review interesting articles and blog posts, and I would like to share with you one I came across at Forbes, "5 Things Corporate Boards Get Wrong About Digital Risk". Of the 5 things, number 3 stood out the most, hence the title of this post! Cyber is just another risk that boards must address, and during these unprecedented times many businesses are being exposed to additional risk through remote working etc.
To understand part of the picture you need to understand your defensive posture, and I am a huge fan of 'Breach Attack Simulation software' (BAS) as a continuous test, which adds more value than vulnerability scans and the odd penetration test. You do, however, need to have the correct assets and knowledge in place to get the most benefit from BAS testing, and that comes down to detection. Not only do you want to discover and mitigate any weaknesses found from running constant BAS, but you should also use it to test your monitoring and detection tools. This goes beyond the firewalls and perimeter defences that, let's be honest, are not being monitored in a lot of cases.
You need a single pane of glass showing you your entire network, from the perimeter through to critical server events. Only then will you be able to understand and produce meaningful reports to the Board.