
State of the Underground 2025: Key Trends Shaping Cyber Risk Today

We know that everyone loves a feel-good, optimistic story, and when we set out to write our annual State of the Underground report — an analysis of nearly 2 billion intelligence items that we collected in 2024, including posts from underground forums and markets, Telegram messages, and news articles — we hoped to find the cyber equivalent of a cup of hot chocolate.

Conquering the Chaos of Vulnerability and Exposure Management at RSAC Conference 2025

Recently, industry analyst Jon Oltsik outlined a critical shift underway in cybersecurity: the move toward a threat-informed defense. As Oltsik describes, organizations are beginning to strengthen the intersection of vulnerability scanning and threat intelligence, using AI to bolster asset classification and risk scoring. This evolution is essential as enterprises seek to move beyond fragmented security practices and build a more cohesive exposure management strategy.

Beyond the Red Flags: Responding to a Failed Vendor Audit

Picture this: your vendor’s latest security audit just landed in your inbox, and you spot multiple failure points. What’s your immediate action plan? Failed vendor audits are an uncomfortable but increasingly common reality as reliance on third-party vendors grows, and handling them poorly can lead to data breaches, costly compliance violations, and serious operational disruptions. Knowing how to respond effectively isn't just good practice—it's essential risk management.

Leveling Up GRC: From Fragmented Controls to Strategic Integration

As the attack surface expands and organizations face pressure from evolving regulatory requirements, it becomes increasingly difficult to align compliance management with overall risk strategy. As a result, many organizations are managing compliance and risk separately, leading to redundancies, inefficiencies, and critical gaps that are overlooked or improperly managed.

The CEO, CFO, and Board's Expanding Role in Cyber Risk Management

Cyber risks have steadily grown more disastrous over the years, with a single event having the power to cause billions of dollars' worth of damage. As business leaders watch the monetary losses pile up, whether facing them firsthand or witnessing industry peers absorb the blow, they have begun to realize that they can no longer conceive of cybersecurity as a technical duty managed solely under the chief information security officer’s (CISO’s) purview.

Scattered Spider and DragonForce: A Case Study in Human-Centric Cyber Threats

In April 2025, Marks & Spencer, the Co-op Group, and Harrods were all targeted by cyber-attacks that caused disruption across their services. Although attribution is still being confirmed, indicators strongly link these attacks to Scattered Spider, a group known for aggressive, human-centric tactics and high-profile breaches. This post is not an incident breakdown for each retailer.

How We Support Enterprise Adoption of MCP, A2A, and AI Integrations

We’ve been hearing (and using) a lot of acronyms lately. MCP, A2A, ACP… it’s easy to fall behind. Fortunately for our customers, all of these new standards are API based! Since Riscosity is built to discover, monitor, and govern all HTTP-based data flows, it requires no extra integration or setup to handle MCP, A2A, or ACP traffic.

Complete Guide to Network Risk Assessment

Network risk assessment is the cornerstone of any good cybersecurity strategy, not just another compliance checkbox. Organizations that regularly and systematically assess the threats to their networks tend to be significantly more resilient to threats and intrusive actions and consistently show greater continuity of operations under attack.