I don’t think there has been a day in the last few years where I haven’t been helping a client somewhere with some form of cyber event. Ransomware has become ever more prevalent in 2020/21 but good old data theft, financial credential harvesting, and insiders, malicious or otherwise, are still around. The most frequent organisational vulnerability that I find is complacency.
Monitoring on your own networks inevitably has blind spots. At a rough reckoning, 30-50% of what you would ideally know from all sources is not available to you. Perhaps that accounts for the extended “dwell time” of intruder presence in networks that we see in so many cyber events.
This isn’t about the scale of the risk – most CEOs recognise cyber/data/technology events as hard to price and deserving of effort and spend – but about the extent of situational awareness. Too often business leaders significantly overestimate what they know about their networks and external environment and underestimate the uncertainty they must learn to manage.
