Which attack vectors and/or techniques should CISOs be aware of, but are often overlooked?

Threat and Vulnerability Management, Risk Management

6 comments

https://www.pulse.qa

Pulse User

Denial of service and cross script

Pulse User

I would also add phishing emails, which are a very big problem. Security awareness and internal phishing email exercises are helpful in containing the exposure.

Pulse User

3rd, 4th vendors access

Pulse User

I'd say BEC scams, 3rd party vendor access amongst others....

Pulse User

Vendor Management and Risk Assessments of new software and tools brought into the environment

Pulse User

CISOs often forget that in order to protect the data, they should first understand what data they are trying to protect, meaning confidential, sensitive PII, SOX, etc. If they can isolate where that data is and put additional guardrails around it, I believe it will help them tremendously.