BUSINESS surveillance
Some mitigation plans are based on compliance audits or security guidelines, such as NIST. Companies need to not only monitor for stolen passwords, but also prevent users from creating new passwords that have been previously leaked. Analysts should monitor and request takedowns for fake login pages targeting an organisation. Takedowns are never an easy process. Using a provider with a high success rate will save security teams going back and forth with domain registrars. (A trusted partner will also steer you away from a takedown that will likely not be successful.)
Summing it up
Understanding a company’s most important assets is a critical stepping stone to prioritising what to monitor and mitigate.
We haven’t forgotten about the fictitious CISO. If your team has properly mapped assets, installed appropriate monitoring services and enabled mitigating controls, that next Friday afternoon email should be easier to write. You may use Generative AI to produce an outline of the attack patterns used and how your company could be impacted. However, don’t forget to mention areas that need improvement. It is worthwhile to include how the social engineering aspect of the attack is more difficult to combat. You may not receive an on-the-spot promotion for your email summary, but your team’s well-crafted response will prove the importance of having the data, platforms and people to answer the board’s next security question.
WWW.INTELLIGENTCISO.COM