How to calculate the risk of a company's cyber exposure

There is an index capable of calculating the level of cyber risk of a company or an individual. The formula takes into account the number of leaks, known vulnerabilities and the number of services exposed online.

Ransomware, phishing, spyware, adware and breaches that exploit system vulnerabilities in order to steal as much information as possible from the databases under attack: the attack vectors available to cybercriminals are numerous, and those listed here are only the tip of a much larger iceberg. The risk of suffering a cyber attack remains unquantifiable. At least so far.

Cybercriminals use all their skills, adapting the type of attack to the objective pursued and choosing victims based on their strategic importance and the available attack surface. The less well protected a computer system is, the larger its attack surface and, consequently, the greater the risk of being attacked.

If, moreover, the target is a supply chain, as happened with the recent attack on Kaseya and the earlier one against SolarWinds, the risk that all the entities connected to it are also involved increases considerably. This is because the service provider hit by the attack has access to a digital space within the IT systems of its customers. But there is a way to calculate what your cyber risk really is. This method is called the Cyber Exposure Index and was developed by Yoroi, the cybersecurity company founded by Marco Ramilli.

The purpose of this index, expressed with a mathematical formula, is to measure the digital space that can be used by a possible attacker, against any organization. "To do this it is necessary to observe the digital space of suppliers exactly as an attacker would and understand a priori which attack vectors could be used," explained Ramilli, founder and CEO of Yoroi.

To calculate cyber risk correctly, the index uses three variables: the number of services exposed, the number of known vulnerabilities present and the index of data leaks linked to the company domain.

These variables are calculated from events that have already happened, such as a successful cyber attack. The Cyber Exposure Index leverages information gathered in deep web hacker forums and analyzes data for sale in illegal dark web marketplaces. The higher the number of services that can be reached on the internet, the more varied the techniques an attacker can use to gain unauthorized access. The more vulnerabilities an attacker can exploit, the easier it will be to compromise a host. Finally, the more data leaks there are, the more easily the attacker will be able to obtain useful information to carry out an attack. These three dimensions try to summarize the attack scenarios available to cybercriminals.

Number of services exposed

This value shows the external attack surface of your computer system. It is calculated from the sum of the different IPs, ports and protocols associated with the company and accessible from the outside. The larger the attack surface, the easier it is for cybercriminals to find a vulnerability in it. Therefore, to reduce this value, according to Yoroi experts, a company should analyze all the IPs and services exposed to the outside and limit access to only those strictly necessary.

At a time like the present, when office work has been partially replaced by a hybrid home-working arrangement, the number of external accesses to the company IT system has increased and, therefore, the potential risk of exposure has also increased.

Number of vulnerabilities

The sum of the severities and known vulnerabilities of the services allows a precise estimate of how easily an attacker can compromise the company's IT system by remotely exploiting one of these vulnerabilities. Thanks to the information shared by the cybercriminals themselves in the dark web forums, the index only considers known vulnerabilities that are remotely identifiable and exploitable.

To reduce this index, Yoroi experts recommend updating vulnerable software, giving priority to all services exposed on the network.
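As an added illustration (not Yoroi's code, and not the index formula, which the article does not give), the sketch below tallies the first two inputs from a scan inventory and orders patching as recommended above. The record fields, the 0-10 severity scores, the VULN-* identifiers and the reading of "different IPs, ports and protocols" as distinct combinations are assumptions; the sample data is constructed.

```python
from collections import namedtuple

# Hypothetical record layouts for an asset/vulnerability inventory.
Service = namedtuple("Service", "ip port proto external")
Vuln = namedtuple("Vuln", "ip port proto ident severity remote")

# Constructed sample data (documentation-range addresses), not real scan output.
SERVICES = [
    Service("192.0.2.10", 443, "tcp", True),
    Service("192.0.2.10", 443, "tcp", True),   # same service seen by a second scan
    Service("192.0.2.10", 22, "tcp", True),
    Service("192.0.2.20", 53, "udp", True),
    Service("10.0.0.5", 3306, "tcp", False),   # internal only, not counted
]
VULNS = [
    Vuln("192.0.2.10", 443, "tcp", "VULN-A", 9.8, True),
    Vuln("192.0.2.10", 22, "tcp", "VULN-B", 5.3, True),
    Vuln("192.0.2.20", 53, "udp", "VULN-C", 7.5, False),  # not remotely exploitable
    Vuln("10.0.0.5", 3306, "tcp", "VULN-D", 8.1, True),   # service is not exposed
]

def exposed_services(services):
    """Distinct (ip, port, proto) combinations reachable from outside."""
    return {(s.ip, s.port, s.proto) for s in services if s.external}

def remote_vulns(vulns, exposed):
    """Known vulnerabilities that are remotely exploitable on an exposed service."""
    return [v for v in vulns if v.remote and (v.ip, v.port, v.proto) in exposed]

def exposure_inputs(services, vulns):
    """Return the two scan-derived inputs plus a patch order for exposed services."""
    exposed = exposed_services(services)
    hits = remote_vulns(vulns, exposed)
    return {
        "services_exposed": len(exposed),
        "vulnerability_severity_sum": round(sum(v.severity for v in hits), 1),
        # Highest severity first; only exposed, remotely exploitable findings.
        "patch_first": [v.ident for v in sorted(hits, key=lambda v: -v.severity)],
    }

if __name__ == "__main__":
    print(exposure_inputs(SERVICES, VULNS))
```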

Data leakage index

This last figure measures how many leaks containing company accounts are available online, just a click away from a possible attacker. A leak - data leaked from a previous cyber breach - could simply contain personal information, usable for social engineering, but it could also often contain encrypted passwords (commonly called hashes) or even plaintext passwords. Attackers often use leaks from previous breaches to initiate brute force attacks, i.e. a series of attempts to combine username and password using all the data contained in the data leaks as a source. According to the law of large numbers, sooner or later a correct pair is identified and then access is guaranteed.

Unfortunately, if information has already leaked, not much can be done except change the username and password so that they cannot be used for illegal purposes. However, it is possible to reduce the number of future leaks, for example by reducing the number of external accounts created, using a different password for each service and periodically checking whether your passwords have been compromised, using tools such as password managers or the Have I Been Pwned site.

The Cyber Security Index is also the basis for giving substance to the concept of preventive analysis of the corporate supply chain. Performing a preventive analysis, i.e. being able to assess the potential "insecurity" of your business ecosystem, is, for cybersecurity experts, a fundamental element of an effective integrated security system. This is because prevention, not only in the IT field, is the first defensive strategy that allows those who put it into practice to arrive prepared when needed.
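The periodic check mentioned above can be done without disclosing the password, using the range lookup offered by Have I Been Pwned's Pwned Passwords service: only the first five characters of the SHA-1 hash are sent and the match is made locally. This is an added example, not code from the article or from Yoroi; the fetch function is a constructed offline stand-in for the request to https://api.pwnedpasswords.com/range/<prefix>, and the counts are made up.

```python
import hashlib

def sha1_split(password):
    """Return (5-character prefix, 35-character suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(suffix, range_body):
    """Find a hash suffix in a range response made of 'SUFFIX:COUNT' lines."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0  # suffix absent: not seen in the known leaks

def audit(passwords, fetch_range):
    """Map each password to its breach count; fetch_range only ever sees the prefix."""
    results = {}
    for pw in passwords:
        prefix, suffix = sha1_split(pw)
        results[pw] = breach_count(suffix, fetch_range(prefix))
    return results

# Constructed stand-in for the remote service. It records what it was sent,
# which makes it easy to confirm that no full hash or password leaves the host.
SENT = []

def fake_fetch(prefix):
    SENT.append(prefix)
    body = ["0" * 35 + ":4", "F" * 35 + ":1"]      # filler entries
    leaked_prefix, leaked_suffix = sha1_split("password")
    if prefix == leaked_prefix:
        body.insert(1, leaked_suffix + ":12")      # constructed count
    return "\r\n".join(body)

if __name__ == "__main__":
    report = audit(["password", "correct horse battery staple 2021!"], fake_fetch)
    for pw, seen in report.items():
        print("compromised" if seen else "not found", seen)
    print("sent to service:", SENT)
```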

"The focus of the Cyber Exposure Index," explains Marco Ramilli, "is not to judge the indexed organization but to offer an 'exposure view' that an attacker can use as an initial step. It is indicative of the attacker's probability of success, and will change over time depending on the actions taken to protect themselves. But in the meantime you have to know it."


This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.



