System Information Discovery
Join Dr. Carlo Tarantini, Dr Suleyman Ozarslan and myself via watching this on-demand webinar recording which can help you to learn about
- How do adversaries leverage ‘System-Information Discovery’ into their targets?
- What are the significant benefits that T1082 provides for adversaries?
- What are the use cases by threat actors and their malware?
- How do Red Teams simulate this technique?
- How do Blue Teams detect this technique?
- How can you test T1082 System-Information Discovery with Picus in your environment?
You can register here
https://events.picussecurity.com/attck-in-action-t1082-system-information-discovery
watch the recording here :
Anyone who tweets about the session can win one of my books based on the choice. (Offer ends 20 September 2020 1PM GMT Time Zone)
https://youtu.be/gi0vxXi-V_c?si=ffMw9LR8xfQ-M6Ys
In this webinar, Dr. Erdal Ozkaya from Standard Chartered Bank joined Picus for the webinar and we talked about T1082 System-Information Discovery.
Watch it on-demand webinar & discover: How do adversaries leverage ‘System Information Discovery’ into their targets?
What are the significant benefits that T1082 provides for adversaries?
What are the use cases by threat actors and their malware? How do Red Teams simulate this technique?
How do Blue Teams detect this technique?
How can you test T1082 System Information Discovery with Picus in your environment?
Speakers Dr. Süleyman Özarslan ,Co-Founder, VP of Picus Labs, Picus Dr. Erdal Ozkaya, Regional Chief Information security Officer , Managing Director, Standard Chartered Bank Dr. Carlo Tarantini , Product Marketing Manager, Picus
For more evets :
https://www.erdalozkaya.com/category/free-events/
CISO Insight
Cybersecurity is not a product you buy or a project you complete — it is a continuous operational discipline. The organisations that achieve genuine security maturity are those that embed security thinking into every business decision, invest in people and processes alongside technology, and build resilience for the inevitable day when preventive controls fail.
The Evolving Cybersecurity Landscape
The cybersecurity threat landscape continues to evolve at a pace that challenges even the most well-resourced security teams. AI-powered attacks, supply chain compromises, ransomware-as-a-service operations, and state-sponsored campaigns create a multi-dimensional threat environment that no single technology can address. The organisations that defend most effectively are those that take a risk-based approach — understanding which assets are most critical, which threats are most likely, and where their defensive investments will have the greatest impact.
For CISOs, the challenge is translating this complex threat landscape into actionable strategy that the board can understand and fund. This requires the ability to quantify cyber risk in business terms, prioritise investments based on risk reduction rather than vendor marketing, and communicate security posture in a language that resonates with non-technical stakeholders. The CISO who can articulate “a ransomware attack on our supply chain system would cost us $15 million in downtime” is far more effective than one who reports “we have 47 critical vulnerabilities.”
Building a Defence-in-Depth Strategy
Effective cybersecurity requires layered defences that address the full attack lifecycle — from initial reconnaissance through to data exfiltration and impact. No single control is sufficient, because every control has limitations and can be bypassed by a sufficiently motivated and capable adversary. The goal is to create enough layers that an attacker must overcome multiple independent defences to achieve their objective, while ensuring that detection and response capabilities can identify and contain breaches before they cause catastrophic damage.
Frequently Asked Questions
What is the biggest cybersecurity mistake organisations make?
Treating cybersecurity as a technology problem rather than a business risk management discipline. Organisations that buy security tools without a coherent strategy, skip basic hygiene in favour of advanced solutions, or fail to invest in people and processes alongside technology consistently underperform. The fundamentals — patch management, access control, security awareness, incident response planning — prevent more breaches than any advanced technology.
How should CISOs prioritise their security investments?
Start with a risk assessment that identifies your most critical assets and most likely threats. Prioritise controls that address the highest-risk scenarios first. Ensure basic hygiene is solid before investing in advanced capabilities. Use frameworks like NIST CSF or CIS Controls to structure your programme, and measure progress with metrics that the board can understand and act upon.
Related reading: Visit our Cyber Resilience Hub for enterprise security frameworks, or download the CISO Toolkit for governance templates and playbooks.