When we look at reining in and limiting nefarious activity on organisational networks, it helps to think like a criminal. Criminals look for vulnerabilities. They think in ‘graphs,’ while the organisations they target usually think in lists, combating crime through elimination.
Graphs are a way of representing reality in terms of nodes and the connections or relationships between them. Cybercriminals are looking for undetected relationships to exploit. It is these weaknesses that are inherent vulnerabilities. They are the multiple small connections that criminals seek to circumvent an organisation’s security measures.
Technology systems are built to withhold attacks, but many entry points exploit systemic vulnerabilities in an increasingly connected world. They are accessing a hole in the HR system to get to the financial accounts, for example.