Information technology assets—and the ways criminals exploit them—keep evolving. Ransomware, for example, has changed the threat landscape by targeting operational rather than sensitive data. Criminals aren’t standing still and organizations can’t afford to either.
Monitoring alone isn’t enough. Cyber attacks and breaches have continued to rise, with breach detections coming from external sources almost half the time and three months’ time on average until a breach is discovered. Organizations need to stop behaving like prey and start hunting for hackers. In this article, Protiviti’s Adam Brand explains the concept of threat hunting and describes how the internal audit function can play a significant role in this process.