
Posts

The Hidden Risk: Unknown Assets in Modern Environments

One of the most overlooked truths in cybersecurity is that asset visibility is the foundation of effective security. Most security failures don’t begin with sophisticated zero-day exploits. They start much earlier—with unknown and unmanaged assets quietly expanding the attack surface. Devices that are not inventoried, systems that are not monitored, and resources with no clear ownership often operate outside the reach of traditional security controls. Modern environments make this problem harder. Cloud workloads, SaaS platforms, IoT and OT devices, AI-enabled systems, and remote endpoints continuously appear and disappear. In such dynamic ecosystems, static asset inventories quickly become outdated, leaving security teams blind to real exposure. This is why asset management must move beyond simple inventory tracking. Mature security programs focus on asset criticality and exposure, recognizing that not all assets carry the same risk. A practical way to think about this is:...
Recent posts

High Budget Doesn’t Necessarily Mean Better Security

One of the most important responsibilities of a security professional is deciding what NOT to spend the budget on. No matter how deep your pockets are, 100% security is a myth. Chasing it usually leads to overspending, complexity, and diminishing returns. The real skill lies in implementing “exactly enough security” — not less, not more. That means:

• Evaluating real risk
• Understanding threat likelihood
• Estimating potential business impact
• Aligning controls with expected loss

Security isn’t about buying everything. It’s about making informed trade-offs that protect the business without slowing it down. That balance is what defines a mature security program — and a strong security professional.

Voice Phishing: The Blind Spot in Modern Security Programs

On a regular workday — nothing unusual. The phone rings.

“Hi, this is IT support. We’re seeing unusual activity on your account. If we don’t fix this in the next few minutes, you may lose access.”

The voice is calm. Confident. Helpful. They already know the employee’s name. Their role. Their team.

One short conversation later → Access granted

What didn’t happen:

• No malware was installed
• No vulnerability was exploited
• Nothing was “hacked” in the traditional sense

And yet the breach had already begun. This isn’t a one-off incident. The same playbook keeps showing up. Recently:

— A global casino operator breached after helpdesk reset credentials during a vishing call
— A ride-sharing company compromised when an employee approved access on an authenticator app during a fake “IT emergency”
— A recent university-sector breach where voice-based social engineering bypassed strong technical controls

Different industries. Same technique. Industry data keeps reinforcing that:

— Many su...

The Beginning

Hello. Writing my own blog was on my mind for a long time. Finally I got a chance to register the ganeshsonar.com domain and pen down my first ever post. I am excited to share my thoughts on different subjects that inspire me and hope you will enjoy the reading experience.

** A little bit about myself **

My name is Ganesh and I am living in Pune - a vibrant city in India famous for its dynamic culture and authentic Maharashtrian food. I have spent my life so far working in the field of Information Technology and Cyber Security - but this blog is NOT limited to that domain and I will try to express my thoughts on many different subjects. For example, I am a great fan of Philosophy and History. In fact, I have grabbed a degree in History just out of curiosity. Also, I am an avid reader on subjects like "Minimalism" and I am trying to practice it in my daily life. Personal finance is another subject that touches me personally and I would say I am great at it. And Cyber Security and IT,...