1. Forum
  2. tqwNet
  3. TQW GENTECH

  • The cyber risk framework protecting your organization wasn't buil

    From TechnologyDaily@1337:1/100 to All on Tuesday, June 02, 2026 10:45:24
    The cyber risk framework protecting your organization wasn't built for this adversary

    Date:
    Tue, 02 Jun 2026 09:35:33 +0000

    Description:
    The adversary has changed. The frameworks most organizations rely on haven't caught up.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter The conflict in the Middle East has entered a new phase, but the cyber threats remain. Geopolitical threat actors have been targeting critical infrastructure across sectors.

    With security agencies issuing warnings of attacks exploiting energy, water and government facilities in the U.S., its clear that organizations far from the battlefield remain in scope. Jerry Caponera Social Links Navigation

    SVP of Risk and Threat Exposure Management at Dataminr. Those arent the only industries impacted by the threats. Earlier in the conflict over 150 retaliatory hacktivist incidents slammed the financial sector almost immediately. Most of the organizations affected were responding with cyber risk frameworks built for a different adversary. Latest Videos From Watch
    full video here: You may like When confidence becomes a risk: The gap between cyber resilience readiness and reality AI-driven cyber discovery signals a
    new era of systemic risk for banks The war in Iran is reaching cyberspace - heres how to prepare

    While criminal actors optimize for profit: gain access, steal data , encrypt systems, collect payment. Geopolitical actors follow a different logic. Their goal is to undermine trust in critical systems, disrupt operations and create uncertainty. From reaction to pre-emption The old 'detect and respond' approach isn't enough anymore. If you wait for an attack to happen, youre already behind. Real resilience is about spotting the threat early and fixing the vulnerabilities that allow an attack to work in the first place.

    This requires a new way of calculating risk. The industry has long used a static formula: Risk = Threat x Exposure x Impact. That formula is no longer sufficient because it ignores the variable of time.

    We have to factor in how fast attackers move compared to how quickly we can stop them before they strike. Projections indicate that the time to exploit a new vulnerability will soon drop from days to minutes. A manual response process cannot compete with a ten-minute exploitation window. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
    all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. The high cost of the status quo Using the financial sector as a case study, we can quantify the potential harm these geopolitical cyber threats pose. Proprietary Dataminr cyberloss data shows that the mean loss for a serious cyber incident at a mid-size bank with $1 billion in
    assets is $36.3 million, while worst-case scenarios can exceed $217 million.

    The mean loss per serious incident for financial institutions in 2024 reached $41.8M the highest ever recorded. Organizations cannot outspend the threat, so they have to out-prioritize it.

    Current risk frameworks were built to measure breach costs, recovery time,
    and data loss. Geopolitical campaigns are designed to produce outcomes those metrics do not capture: payment uncertainty, confidence erosion, and operations built to look like noise until the damage is visible. What to read next From boardroom risk to deal flow: why cyber M&A is accelerating in 2026 The shocking reason 43% of UK businesses have been hit by cyber attacks last year Why our national sovereignty depends on cyber resilience Why standard playbooks break down Geopolitical-style intrusions are harder to detect because the attacker behaves like a patient operator. They rely on legitimate credentials, trusted vendor access, and low-volume actions that register as normal operational activity.

    Standard playbooks work for simple attacks with a clear start and end. Geopolitical threats are different; they are patient and use distractions to wear you down while they hide their real objective.

    This puts pressure on the seams between technical response and business continuity, particularly for small and medium-size organizations.

    Making decisions about operations, customer communications, payment flows,
    and vendor coordination under sustained uncertainty is the real challenge. Three strategic shifts for business leaders Most organizations have workable controls and solid compliance programs. What they typically cannot answer is which specific exposures matter most against the adversaries active right
    now, and which business services get disrupted first if those exposures are exploited. Three adjustments matter most: Adopt a threat-informed model Instead of just listing technical flaws, look at how an outsider could actually use them to get in. Your risk reports should focus on the three biggest threats to the business this quarter, not just a tally of how many patches you've installed. Test for business disruption Practice for a shutdown, not just a data leak. You need to know ahead of time if youre willing to pull the plug on a critical system before youre even 100% sure its been hacked. Thats a business call, not a technical one. Map supply chain exposure Across every industry, your biggest risk is often the partners you trust most. You need to know exactly which vendors have deep access to your payments or data. Don't wait for an annual check-up to see if that trust is being abusedyou need to be watching for it in real time. The era of treating cyber risk as a separate IT problem is over. As geopolitical tensions
    continue to spill into digital systems, the goal for business leaders is no longer just security, but operational persistence.

    Moving to a threat-informed strategy helps organizations stay ahead of politically-motivated attackers instead of just reacting to them. We've featured the best encryption software. This article was produced as part of TechRadar Pro Perspectives , our channel to feature the best and brightest minds in the technology industry today.

    The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit



    ======================================================================
    Link to news story: https://www.techradar.com/pro/the-cyber-risk-framework-protecting-your-organiz ation-wasnt-built-for-this-adversary


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)