Expert Speak
Achieving a Successful Continuous Threat Exposure Management Program
Written by Lydia Zhang, the President and Co-founder of Ridge Security
If your organization is concerned about increasing and expanding cyber threats, you are not alone. While many enterprises recognize the need to create a multi-layered security posture, this article explores the importance of Continuous Threat Exposure Management (CTEM) and how it can help proactively manage risks and bolster defences against growing cyber threats.
CTEM is a cybersecurity program that goes beyond simply responding to threats. It leverages proactive attack testing and simulation to identify and mitigate vulnerabilities before real attackers exploit them. Organizations can prioritize and allocate resources more effectively by continuously monitoring and evaluating security risks. This systematic approach allows for a more robust defence in the face of a rapidly expanding attack surface.
Primary Benefits of Implementing a CTEM Program
Let’s take a closer look at some of the key advantages of implementing CTEM. By continuously scanning and monitoring your digital infrastructure, you can proactively stay one step ahead of cyber threats. CTEM prioritizes threats based on their potential impact and likelihood of occurrence. This way, resources can be efficiently allocated to tackle the most significant risks first. By following an iterative approach, CTEM allows you to learn from each assessment and adapt defences accordingly. You can implement effective remediation measures and continuously improve your security posture by generating actionable insights from real-time threat data.
This data-driven approach ensures decisions are made based on the latest threat intelligence. This empowers security teams to make more targeted and effective remediation efforts by leveraging real-time data. To maximize the effectiveness of a CTEM program it must be aligned with the organization’s business objectives. This also helps achieve adaptability and continuous protection against the ever-evolving threat landscape. By incorporating your strategic business goals into the CTEM program, you can ensure that it works hand-in-hand with your overall cybersecurity strategy.
The Lifecycle Process of an Effective CTEM Program
A successful CTEM program follows a comprehensive lifecycle process. Let’s break it down into key steps. In the initial phase, the security team identifies and analyzes the infrastructure assets to be included in the program. This analysis encompasses both internal and external attack surfaces, including on-premises and multi-cloud infrastructures.
Each asset’s risk profile is evaluated, covering explicit vulnerabilities and weaknesses like misconfigurations. Understanding the potential impact of vulnerabilities on business operations is essential. Gaps in the security infrastructure are identified, such as logging and detection gaps, and missing, fragmented, meaningless detection rules.
Cybersecurity capabilities, such as automated pen-testing, controlled attack simulation, and adversary emulation, are carried out within DevOps and production environments. These activities verify cybersecurity weak points and assess the effectiveness of your remediation efforts. Automation plays a crucial role in the CTEM process. It enables organizations to continuously identify, prioritize, validate, and address vulnerabilities and threats. By leveraging automation, you can stay ahead of the evolving threat landscape and constantly improve your security posture.
How to Tell If Your CTEM Program Is Working
Once you have a CTEM program, how do you know if it’s making a difference? There are some key indicators that can help measure the success of your CTEM program.
The first and most obvious sign of a successful CTEM program is decreased security risks. You want to see fewer vulnerabilities popping up, and when they do, you want faster resolutions. You also want to see a drop in successful attacks or breaches. In this cyber game of cat and mouse — your CTEM program should be the cat!
An effective CTEM program will see an improvement in your ability to detect bad actors trying to disrupt systems. It’s not just about quantity; you also want to see the increased complexity of threats detected. After all, cybercriminals are constantly evolving, so your CTEM program needs to keep up!
Time is of the essence when it comes to cybersecurity. A successful CTEM program should help you reduce the time between discovering and fixing a threat. The quicker you respond, the less damage, so keep an eye on how fast you’re remedying those vulnerabilities.
Automated pen-testing, workflow segmentation and Breach and Attack Simulation are ways of measuring how well your security controls are performing. You want to see those controls becoming more effective over time. It’s training your defences to be stronger and smarter.
Compliance is essential if you’re in an industry with regulatory requirements. A successful CTEM program should help you meet and maintain those compliance standards. So, pay attention to any decrease in compliance violations or issues. It’s a good sign that your program is on the right track.
Now that you know how to assess the success of your CTEM program, keep an eye on these indicators, and remember, it’s all about reducing risks, improving threat detection, responding faster, enhancing security controls, staying compliant, and protecting what matters most to your business.
Written by Alain Penel, VP of Middle East, CIS & Turkey at Fortinet (more…)
Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.
Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.
Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.
Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.
Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”
Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.
Written by Oded Vanunu, Chief Technologist & Head of Product Vulnerability Research at Check Point (more…)
GISEC Global 2025: Phishing, Data Breaches, Ransomware, and Supply Chain Attacks Causing Challenges
GISEC Global 2025: A Place Where Innovation, Partnerships, and Leadership Come Together
Cequence Intros Security Layer to Protect Agentic AI Interactions
Commvault Enhances Cyber Recovery Offerings with CrowdStrike Incident Response
Bugcrowd Launches Crowdsourced Red Team as a Service
CyberKnight to Showcase Zero Trust Security 2.0 at Gartner SRM and GISEC Global 2025
Gartner Forecasts Spending on Information Security in MENA to Grow 14% in 2025
OPSWAT Opens Office in Saudi Arabia
SearchInform Expands Cybersecurity Awareness Programs Across the UAE
Commvault to Host SHIFT Cyber Resilience Roadshow in Dubai
UAE Workforce in 2025: Cybercrime, Stress, and Burnout Take the Spotlight
Video: Toshiba Presents Latest Hard Drives and QNAP NAS System Live Demo at INTERSEC 2025
Video: Toshiba Showcases its Latest Hard Disk Drives Through Live Demos at Intersec 2025
Video: Interview with Meriam ElOuazzani of SentinelOne
Video: Interview with Fred Crehan of Confluent at GITEX Global 2024
-
Artificial Intelligence1 week agoGenerative AI is Transforming Cybersecurity Across Detection, Defense, and Governance
-
Events1 week agoOPSWAT Joins GISEC 2025 as Middle East Confronts AI-Driven Cyber Threats
-
Cyber Security1 week agoProofpoint Unveils Unified Solution for Workspace Cost, Cyber Risk Reduction
-
Cyber Security1 week agoKuwait Renews Cyber First Initiative to Strengthen Digital Defenses for Vision 2035
-
Artificial Intelligence7 days agoFortinet Expands FortiAI Across its Security Fabric Platform
-
Cyber Security1 week agoAmiViz to Show Off the “Future of Cybersecurity” at GISEC 2025
-
Artificial Intelligence1 week agoHow AI is Reinventing Cybersecurity for the Automotive Industry
-
Cyber Security2 days agoGISEC Global 2025: There’s a Rise in Malware and Ransomware Campaigns Moving From IT to OT Systems