Performing a Cyber Risk and Threat Assessment Using Shodan

Introduction

Most SEC-registered firms believe they have a clear understanding of which systems are exposed to the public internet. In reality, many firms do not.

Forgotten test systems, legacy hardware, MSP misconfigurations, vendor-hosted services, and shadow IT routinely create internet-facing exposure that never appears in internal documentation. Regulators do not care whether that exposure was intentional — only whether the firm identified it and took reasonable steps to manage the associated risk.


The rest of this article is free to read with a BrainTrust membership — joining takes about a minute, and no credit card is required.

Join the BrainTrust   Already a member? Sign in