{"id":87266,"date":"2024-05-02T09:14:26","date_gmt":"2024-05-02T16:14:26","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?p=87266"},"modified":"2024-08-20T07:13:39","modified_gmt":"2024-08-20T14:13:39","slug":"beyond-bullet-holes-unveiling-cybersecuritys-hidden-risk-exposures","status":"publish","type":"post","link":"https:\/\/www.forescout.com\/blog\/beyond-bullet-holes-unveiling-cybersecuritys-hidden-risk-exposures\/","title":{"rendered":"Beyond Bullet Holes: Unveiling Cybersecurity’s Hidden Risk Exposures"},"content":{"rendered":"

The art of risk assessment has long been a crucial element of military strategy and decision-making \u2013 and it remains critical to today\u2019s best practices in cybersecurity defense.<\/p>\n

Abraham Wald, a mathematical genius, played a pivotal role in revolutionizing the understanding of hidden risk and exposure with his innovative work on aircraft survivability. During World War II, the US air force wanted effective methods to protect aircraft against enemy fire. Wald\u2019s innovative approach stood out.<\/p>\n

Unlike conventional ways of reinforcing heavily damaged and bullet-struck areas (Fig. 1), Wald analyzed data on returning aircraft with bullet holes and proposed something unique. He shifted attention to the untouched regions of those planes to reveal critical insights into where reinforcement was most needed.<\/p>\n

Wald’s logic was irrefutable: The absence of bullet holes in certain sections of aircraft wasn’t due to luck. It was because the planes hit in those areas simply never made it back.<\/p>\n


\n\"\"<\/a><\/center>
\n
Figure 1 \u2013 The red dots represent the bullet holes (source: Wikipedia)<\/em><\/center>\n

 <\/p>\n

Wald’s \u2018survivorship bias\u2019 methodology offers a compelling analogy for today\u2019s risk management. We need to think more strategically to gain a deeper understanding of risk \u2013 and not allow selective \u2018success\u2019 filters dissuade the mission. It\u2019s time to accept there are hidden risks from limited visibility \u2014 and that hidden risks are a persistent threat to business and to human safety.<\/p>\n

Targeting the Blind Spots in Cybersecurity<\/h2>\n

Today\u2019s landscape is complex and constantly evolving, especially with the widespread use of Internet of Things (IoT) \u2013 and Operational Technology (OT). By 2028, connected IoT devices will expand<\/a> to over 25 billion. They have significantly expanded the attack surface creating new challenges and vulnerabilities.<\/p>\n

Uncovering blind spots is what Wald teaches us. By adopting his holistic approach to assess the entire situation rather than only visible damage, cybersecurity teams need comprehensive visibility. These blind spots may include unmanaged devices, including bring your own devices (BYOD) that connect and disconnect from the network \u2014 and third-party devices linked to the network.<\/p>\n

With a clear view of all cyber assets, applications and networks, security professionals can identify potential vulnerabilities and exploitable weak points. Enhanced visibility promotes a more targeted and efficient cybersecurity strategy. With it, organizations can:<\/p>\n