Continuing with our topic of Risk Assessment, companies looking for better ways of prioritizing their defensive efforts need to look beyond vulnerabilities. How to find the real threats to your business before they find you The basic equation for risk is simple: If an adversary or threat can exploit a vulnerability to harm an asset, then you have risk. Yet far too many companies focus on the two components of risk that are typically internal to their networks: assets and most of all, vulnerabilities. Increasingly, security professionals advise companies to do their homework and gauge what threats may be targeting their networks and data. One issue is that most defenders wait behind their firewalls for the attackers -- effectively giving up the initiative. Companies instead need to model the threats to their network and gather intelligence on possible adversaries. To that end, a good start is for companies to make a short list of the threats they face to their business. Not just cyber-criminals and online adversaries but other events that could cripple the company. Most companies will find that advanced persistent threats and hacktivists are likely not among their major worries.

Below are a few things companies can do to get a jump on attackers;

Watch for the attacks

Pump your vendors for threat data

Meet with your competitors

Find a threat analyst