{"id":39715,"date":"2021-02-24T17:00:04","date_gmt":"2021-02-24T17:00:04","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=92924"},"modified":"2021-02-24T17:00:04","modified_gmt":"2021-02-24T17:00:04","slug":"becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/","title":{"rendered":"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective"},"content":{"rendered":"<p>In <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/12\/17\/becoming-resilient-by-understanding-cybersecurity-risks-part-2\/\" target=\"_blank\" rel=\"noopener noreferrer\">part two of this blog series<\/a> on aligning security with business objectives and risk, we explored the importance of thinking and acting holistically, using the example of human-operated ransomware, which threatens every organization in every industry. As we exited 2020, the <a href=\"https:\/\/aka.ms\/solorigate\">Solorigate attack<\/a> highlighted how attackers are continuously evolving. These nation-state threat actors used an organization\u2019s software supply chain against them, with the attackers compromising legitimate software and applications with malware that installed into target organizations.<\/p>\n<p>In part three of this series, we will further explore what it takes for security leaders to pivot their program from looking at their mission as purely defending against technical attacks to one that focuses on protecting valuable business assets, data, and applications. This pivot will enable business and cybersecurity leaders to remain better aligned and more resilient to a broader spectrum of attack vectors and attacker motivations.<\/p>\n<h2>What problem do we face?<\/h2>\n<p>First, let\u2019s set a quick baseline on the characteristics of human-operated cyberattacks.<\/p>\n<p>This diagram depicts commonalities and differences between for-profit ransomware and espionage campaigns:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-92929 size-large\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/AttackComparison-1024x593.png\" alt=\"diagram showing commonalities and differences between for-profit ransomware and espionage campaigns\" width=\"1024\" height=\"593\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/AttackComparison-1024x593.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/AttackComparison-300x174.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/AttackComparison-768x445.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/AttackComparison-1536x889.png 1536w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/AttackComparison.png 1864w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/p>\n<p><em>Figure 1: Comparison of human-operated attack campaigns.<\/em><\/p>\n<p>Typically, the attackers are:<\/p>\n<ul>\n<li><strong>Flexible: <\/strong>Utilize more than one attack vector to gain entry to the network.<\/li>\n<li><strong>Objective driven<\/strong>: Achieve a defined purpose from accessing your environment. This could be specific to your people, data, or applications, but you may also just fit a class of targets like \u201ca profitable company that is likely to pay to restore access to their data and systems.\u201d<\/li>\n<li><strong>Stealthy: <\/strong>Take precautions to remove evidence or obfuscate their tracks (though at different investment and priority levels, see figure one)<\/li>\n<li><strong>Patient: <\/strong>Take time to perform reconnaissance to understand the infrastructure and business environment.<\/li>\n<li><strong>Well-resourced and skilled<\/strong> in the technologies they are targeting (though the depth of skill can vary).<\/li>\n<li><strong>Experienced: <\/strong>They use established techniques and tools to gain elevated privileges to access or control different aspects of the estate (which grants them the privileges they need to fulfill their objective).<\/li>\n<\/ul>\n<p>There are variations in the attack style depending on the motivation and objective, but the core methodology is the same. In some ways, this is analogous to the difference between a modern electric car versus a \u201cMad Max\u201d style vehicle assembled from whatever spare parts were readily and cheaply available.<\/p>\n<h2>What to do about it?<\/h2>\n<p>Because human attackers are adaptable, a static technology-focused strategy won\u2019t provide the flexibility and agility you need to keep up with (and get ahead of) these attacks. Historically, cybersecurity has tended to focus on the infrastructure, networks, and devices\u2014without necessarily understanding how these technical elements correlate to business objectives and risk.<\/p>\n<p>By understanding the value of information as a business asset, we can take concerted action to prevent compromise and limit risk exposure. Take email, for example, every employee in the company typically uses it, and the majority of communications have limited value to attackers. However, it also contains potentially highly sensitive and legally privileged information (which is why email is often the ultimate target of many sophisticated attacks). Categorizing email through only a technical lens would incorrectly categorize email as either a high-value asset (correct for those few very important items, but impossible to scale) or a low-value asset (correct for most items, but misses the \u201ccrown\u201d jewels in email).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-92926 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/Picture2-3.png\" alt=\"Business-centric security.\" width=\"1863\" height=\"702\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/Picture2-3.png 1863w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/Picture2-3-300x113.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/Picture2-3-1024x386.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/Picture2-3-768x289.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/02\/Picture2-3-1536x579.png 1536w\" sizes=\"auto, (max-width: 1863px) 100vw, 1863px\"><\/p>\n<p><em>Figure 2: Business-centric security.<\/em><\/p>\n<p>Security leaders must step back from the technical lens, learn what assets and data are important to business leaders, and prioritize how teams spend their time, attention, and budget through the lens of business importance. The technical lens will be re-applied as the security, and IT teams work through solutions, but looking at this <em>only<\/em> as a technology problem runs a high risk of solving the wrong problems.<\/p>\n<p>It is a journey to fully understand how business value translates to technical assets, but it\u2019s critical to get started and make this a top priority to end the eternal game of \u2018whack-a-mole\u2019 that security plays today.<\/p>\n<p>Security leaders should focus on enabling this transformation by:<\/p>\n<ol>\n<li><strong>Aligning the<\/strong> <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2018\/10\/18\/ciso-series-building-a-security-minded-culture-starts-with-talking-to-business-managers\/\" target=\"_blank\" rel=\"noopener noreferrer\">business in a two-way relationship<\/a>:<\/li>\n<\/ol>\n<ul>\n<li><strong>Communicate in their language<\/strong>: explain security threats in business-friendly language and terminology that helps to quantify the risk and impact to the overall business strategy and mission.<\/li>\n<li><strong>Participate in active listening and learning<\/strong>: talk to people across the business to understand the important business services and information and the impact if that were compromised or breached. This will provide clear insight into prioritizing the investment in policies, standards, training, and security controls.<\/li>\n<\/ul>\n<ol start=\"2\">\n<li><strong>Translating<\/strong><strong> learnings about business priorities and risks into concrete and sustainable actions:<\/strong><\/li>\n<\/ol>\n<ul>\n<li><strong>Short term <\/strong>focus on dealing with burning priorities:\n<ul>\n<li>Protecting critical assets and high-value information with appropriate security controls (that increases security while enabling business productivity)<\/li>\n<li>Focus on immediate and emerging threats that are most likely to cause business impact.<\/li>\n<li>Monitoring changes in business strategies and initiatives to stay in alignment.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>Long term<\/strong> set direction and priorities to make steady progress over time, to improve overall security posture:\n<ul>\n<li><strong>Zero Trust: <\/strong>Create a clear vision, strategy, plan, and architecture for reducing risks in your organization aligned to the <a href=\"https:\/\/aka.ms\/zerotrust\" target=\"_blank\" rel=\"noopener noreferrer\">zero trust<\/a> principles of assuming breach, least privilege, and explicit verification. Adopting these principles shifts from static controls to more dynamic risk-based decisions that are based on real-time detections of anomalous behavior irrespective of where the threat derived.<\/li>\n<li><strong>B<\/strong><strong>urndown technical debt<\/strong> as a consistent strategy by operating security best practices across the organization such as replacing password-based authentication with <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/12\/17\/a-breakthrough-year-for-passwordless-technology\/\" target=\"_blank\" rel=\"noopener noreferrer\">passwordless and multi-factor authentication (MFA),<\/a> applying security patches, and retiring (or isolating) legacy systems. Just like paying off a mortgage, you need to make steady payments to realize the full benefit and value of your investments.<\/li>\n<li><strong>Apply data classifications<\/strong>, sensitivity labels, and role-based access controls to protect data from loss or compromise throughout its lifecycle. While these can\u2019t completely capture the dynamic nature and richness of business context and insight, they are key enablers to guide <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/01\/14\/simplify-compliance-and-manage-risk-with-microsoft-compliance-manager\/\" target=\"_blank\" rel=\"noopener noreferrer\">information protection and governance<\/a>, limiting the potential impact of an attack.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ol start=\"3\">\n<li><strong>Establishing a healthy<\/strong> <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/10\/05\/3-ways-microsoft-helps-build-cyber-safety-awareness-for-all\/\" target=\"_blank\" rel=\"noopener noreferrer\">security culture<\/a> by explicitly practicing, communicating, and publicly modeling the right behavior. The culture should focus on open collaboration between business, IT, and security colleagues and applying a \u2018growth mindset\u2019 of continuous learning. Culture changes should be focused on removing siloes from security, IT, and the larger business organization to achieve greater knowledge sharing and resilience levels.<\/li>\n<\/ol>\n<p>You can read more on <a href=\"https:\/\/aka.ms\/securitystrategy\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft\u2019s recommendations for security strategy and culture here<\/a>.<\/p>\n<p>In the next blog of the series, we will explore the most common attack vectors, how and why they work so effectively, and the strategies to mitigate evolving cybersecurity threats.<\/p>\n<p>To learn more about Microsoft Security solutions <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener noreferrer\">visit our&nbsp;website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/02\/24\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Get insights on how to work with business leaders to manage risk and defend against sophisticated cyber threats.<br \/>\nThe post Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective appeared first on Microsoft Security. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":39716,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[6579,347,101,654,1065],"class_list":["post-39715","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-ciso-series-page","tag-cybersecurity","tag-data-privacy","tag-security-development","tag-security-response"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-24T17:00:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"593\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective\",\"datePublished\":\"2021-02-24T17:00:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/\"},\"wordCount\":1148,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/02\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png\",\"keywords\":[\"Ciso series page\",\"Cybersecurity\",\"Data Privacy\",\"Security Development\",\"Security Response\"],\"articleSection\":[\"Microsoft Secure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/\",\"name\":\"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/02\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png\",\"datePublished\":\"2021-02-24T17:00:04+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/02\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/02\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png\",\"width\":1024,\"height\":593},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ciso series page\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/ciso-series-page\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/","og_locale":"en_US","og_type":"article","og_title":"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-02-24T17:00:04+00:00","og_image":[{"width":1024,"height":593,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective","datePublished":"2021-02-24T17:00:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/"},"wordCount":1148,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png","keywords":["Ciso series page","Cybersecurity","Data Privacy","Security Development","Security Response"],"articleSection":["Microsoft Secure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/","url":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/","name":"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png","datePublished":"2021-02-24T17:00:04+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective.png","width":1024,"height":593},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/becoming-resilient-by-understanding-cybersecurity-risks-part-3-a-security-pros-perspective\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Ciso series page","item":"https:\/\/www.threatshub.org\/blog\/tag\/ciso-series-page\/"},{"@type":"ListItem","position":3,"name":"Becoming resilient by understanding cybersecurity risks: Part 3\u2014a security pro\u2019s perspective"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39715"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39715\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/39716"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}