Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the first blog of our two-part incident response series, we explained how your organization can jump-start its incident response. In this second part, we’ll focus on the essential elements of an incident response plan—a critical factor for any company trying to recover from an incident quickly and confidently.

Your organization runs on data. But do you actually know where it goes every day? Between Slack messages, Google Drive shares, AI assistants, and browser uploads, your sensitive data is constantly moving: Every one of these moments is a data exposure risk.

Shadow AI refers to the use of unapproved AI tools in the workplace without IT’s knowledge or oversight. Cisco’s 2025 Data Privacy Benchmark Study found that 81% of organizations lack full visibility into which AI tools their employees are using (Cisco, 2025). If you’re not monitoring AI use, you’re not managing AI risk. And in 2025, ignorance is expensive.

In an environment where the volume of threats is growing and the pressure to protect critical assets is constant, oragnizations and managed service providers (MSPs) are inundated with notifications. Prioritizing critical vulnerabilities takes time, resources and careful analysis. However, false positives also slip into this constant flow of alerts. Far from being harmless, these false alarms can create an even bigger problem: alert fatigue.

Artificial intelligence—it’s a term you’ve likely encountered more than once today, and this won’t be the last. And while it reshapes how businesses operate, it’s also introducing new risks. As organizations embrace AI-powered tools for efficiency and innovation, it becomes essential to understand what technologies your vendors rely on, and what those choices mean for your cybersecurity posture.

Cybercriminals don’t need to be sophisticated. They just need the opportunity—and in Ireland, there’s still too much low-hanging fruit. Many of the vulnerabilities being exploited across Irish networks today aren’t new. They’re years old. Attackers are taking advantage of outdated systems that haven’t been patched, relying on free, off-the-shelf tools to scan for weaknesses—and finding them far too easily. This isn’t a theoretical risk.

Fintech and banking ranked among the top three most targeted industries in 2024, according to the CISO’s guide to DevOps threats. Real-world incidents underscore this trend: Byte Federal, the leading Bitcoin ATM operator in the U.S., suffered a breach linked to a GitLab vulnerability. Meanwhile, financial software provider Iress and crypto wallet company Ginco were both targeted by threat actors exploiting GitHub repositories. Source: 2024 DevOps Threats Unwrapped.

Patrick Orzechowski (also known as “PO”) is Torq’s Field CISO, bringing his years of experience and expertise as a SOC leader to our customers. PO is a seasoned security veteran with a deep understanding of the modern security landscape. You can find him talking to SOC leaders and CISOs from major brands at cybersecurity events around the world. Running a SOC isn’t for the faint of heart. I should know.