Threat-Informed Cybersecurity: Are You Ready and Resilient? Part I
Long popular in the military, “readiness and resiliency” is a staple of cybersecurity, too. It makes sense. Both institutions value (1) being alert to threats and risks while (2) recognizing that the types of threats and risks themselves are less important than the reaction to them. But how companies PERCEIVE risk is often very different from how they TAKE ON risks. Over 90% of my penetration tests have concluded with successful entry into “secure” environments.