Identify, assess and monitor to understand attack paths


Maintaining digital risk management in today’s connected world requires updating security processes and procedures to identify the levels of risk that more traditional approaches miss. This means understanding your applications and the interconnections between technologies across your supply chain, alliances and partners. You also need to understand the data processes.

That means data flow mapping, or “knowing” your data: “who” has access to “what”, “how” they access it and “how often”, and the physical locations involved, which could be under different local regulation and legislation. This should be accompanied by work to build mature commercial obligations between you and your suppliers to achieve the levels of risk mitigation you require.

The source of threats and inherent risk can be identified through several means, including threat intelligence mapping of the organisation’s digital footprint or attack surface and the threat actors targeting your organisation or sector.

Threat hunting exercises should be carried out regularly, for example looking for subdomain takeover opportunities or attackers that are targeting organisations by…
