I don’t know how many times I’ve heard cybersecurity professionals say something like, “Not having multi-factor authentication is a huge risk for our organization.” The truth is, that type of statement may illustrate a control weakness, but unless the unwanted outcome is a ding in an audit report where MFA is required, that is not the real risk. The real risk is the probability of a ransomware incident, for example, or the leak of personally identifiable information (PII) from a customer database.
For enterprises, risk lay in the potential losses associated with unwanted outcomes incurred through their computing environments. (The cybersecurity piece of this typically focuses on incidents where these outcomes were caused by an intelligent adversary.) A simple way to think about unwanted outcomes is to consider the ways we might fail to meet one or more of our control objectives – confidentiality, integrity, availability, or other objectives – and experience one of the aforementioned incidents, among others.
To read this article in full, please click here
More Stories
White House to Tackle AI-Generated Sexual Abuse Images
White House issues new voluntary commitments to combat image-based sexual abuse in AI Read More
Legacy Ivanti Cloud Service Appliance Being Exploited
CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer...
Half of UK Firms Lack Basic Cybersecurity Skills
A new government report reveals that nearly half of UK businesses lack basic cybersecurity skills, while advanced skills like penetration...
Advanced Phishing Attacks Put X Accounts at Risk
SIM swapping and “adversary-in-the-middle” can bypass security for accounts on X (formerly Twitter) Read More
Apple to Drop Spyware Lawsuit Over Security Concerns
Apple filed a motion to drop its lawsuit against NSO Group, fears key elements of its cyber defensive measures could...
Tackling the Unique Cybersecurity Challenges of Online Learning Platforms
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of...