Now, of course, we also have to always think about what's coming, what's down the line. And the problem about that is you don't know what you don't know. So we have these trends thes emerging risks where we can kind of get an idea of what's on the horizon. But then always something kind of comes in out of left field.
I remember the first time we started hearing about ransomware attacks,
and so many organizations were caught off guard because that just wasn't part of their current risk management strategy. So we have to think about the fact that new threats and vulnerabilities are ultimately continuing to merge, just like they always have.
And they come from all sorts of different sources.
So we can't forget the fact that our internal employees pose the greatest risk to us. You know, if you're looking where fraud comes from, from the inside,
we have to think about contractors as well and business partners, anybody that we're allowing into our environment. Well, they're gonna have a little bit better access or a little bit more control or access. However you want to say that, then the external Attackers
and when we look at these. You know, I've talked about malicious attacks. These were great stunts come from. But remember to Onley about 1/3 of security violations from the inside or malicious. So you've got 2/3 of these attacks that are just accidents.
And really, that's where the network administrator
and that's where risk management comes into play, is how can we live it, what our employees do, intentionally or unintentionally,
and yet still allow them to perform their work functions.
Then we've also got to consider about cyber, credible criminals, state sponsored criminals. They're even, you know, when you look at the black cat community, often their competitions directed at specific organizations
that you know they're turning it into a competitive environment, who can denial of service, this system or this company or another,
and then something that we've seen quite a bit of over the last four or five years has been hacktivism where folks with, um, you know, with hackers that have a beef, so to speak, with an organization, or perhaps a political group or whatever
launching denial of service attacks have been very popular
to take Visa or MasterCard down because they don't like limitations that they put on wiki leaks. For instance, Visa MasterCard ah had cut off the The resource is the financial resource is toe wiki leaks over
Ah, several of the instances that they, you know, several security breaches.
And so the hack of us came back and said, Okay, we'll take you off line for, uh, you know, minutes, hours, however, So these air kind of some some trends that we're starting to see and we have to think about the future after think about the future in Sometimes
we're so focused on mitigating the last risk
that hit us that we're not thinking of the future. If you're preparing for the risk that hit you today, you're behind. You're already behind. So we have to look at the new technologies. You know, I've mentioned threat modeling and will continue to talk about threat modeling throughout.
We've gotta look a new technologies from that standpoint
And if you don't have your eye on the future like I said, we're not going to notice the trends that are emerging. We're not gonna properly evaluate the new technology, and we're not gonna be a proactive organisation.
We're gonna be a reactive