FTX, risk management, and attack surfaces - Visibility is the Key
The FTX crypto disaster is a great lesson in risk management. It brings into focus the importance of knowing where your valuables are and how they are being managed.
The FTX crypto disaster is a great lesson in risk management. It brings into focus the importance of knowing where your valuables are and how they are being managed.
This is a developing story. Updates will be amended as new information and guidance become available.
From Executive Orders to cyber insurance and evolving regulations, security teams are entering the age of evidence. Want to do business with a government entity? You must demonstrate adherence to zero-trust principles. Want cyber insurance? You need documentation of your entire attack surface. Want to conduct financial services business in various regions? Show your operational resiliency.
Investors came into 2022 feeling good, with a three-year average annual return for the S&P 500 of 24%. In March, things changed. The Federal Reserve raised interest rates, signaling it was time to switch to bonds. The playbook said bonds were the much safer play. Then Russia invaded Ukraine. Commodity prices, especially energy and food, spiked. Supply chains broke. The E.U. faced a winter without enough energy to heat homes or power businesses.
Attack Surface Assessment tools enable information security teams to look at their organizations “outside-in” from the attacker’s point of view, prioritizing the issues that attackers will see first.
In the past, the attack surface was defined and protected by the boundaries of the organization’s physical network (aka the LAN). Using physical security methods, firewalls, and careful monitoring, organizations kept their data, endpoints, and networks secure. The entire attack surface was internal, within a well-defined and fortified perimeter.