Risk intelligence. Just another IT buzz term to confuse those who are technologically illiterate? Not at all. Risk Intelligence (RI) should be integral to your in-house cybersecurity. RI assesses vulnerabilities in your IT infrastructure and gives you an estimate of financial liabilities that your business faces in the event of a data breach. Why do you need RI? These statistics provide more than enough evidence to answer the question.
The cybersecurity company, Malwarebytes, confirms that in 2017:
- • 1 in 3 small-to-medium size businesses (SMBs) suffered a ransomware attack
- • 20% of the SMBs were forced to stop operations altogether
- • 25% of SMBs experienced more than 20 ransomware attacks
- • 54% of UK businesses surveyed had ransomware attacks
- • 46% of UK businesses still lost their data after paying the ransom
If the bad news from Malwarebytes isn’t bad enough, then reflect on this: research shows that 60% of SMBs are unable to sustain business for longer than 6 months following a cyber attack. The Ponemon Institute reports that the cost of recovering from a hacking event is in the range £500,000 to £800,000 for SMBs.
The penalties for data breaches are not a laughing matter. This year, the Carphone Warehouse Ltd was fined £400,000 by the Information Commissioner’s Office (ICO) after one of the company’s computer systems was compromised by a cyber attack in 2015. The failure to secure a computer system allowed unauthorised access to the personal data of over three million customers and 1,000 employees. Had this happened after 25 May 2018, the GDPR non-compliance penalty would have been significantly higher.
According to a report by Deloitte, only 54% of CEOs are ‘somewhat engaged’ in cybersecurity planning and implementation, despite an overwhelming 95% stating that hacking poses a real threat to short-term business growth.
A typical cybersecurity expert may give you a ‘to do’ list in order to prevent hacking:
- • use two-factor authentication
- • use multiple passwords and change them regularly
- • backup your data regularly; having the latest backup means you won’t need to pay the ransom
- • use cloud-based email such as Office 365 to protect yourself against phishing and scams
- • ensure all your devices are updated with the latest patches
Unfortunately, no matter how vigilant you and your employees are at sticking to these rules, they may not be sufficient to avoid a cyber attack. This is where Risk Intelligence comes into play.
RI will tighten your cybersecurity by:
- • ensuring that only authorised individuals can access sensitive data using RI permissions discovery
- • locating security holes in your systems using deep vulnerability scanning
- • discovering inappropriate access and alerts using deep vulnerability scanning
- • providing RI reports on the potential financial impact of your at-risk data
- • implementing payment data discovery so your credit card data is protected
- • using payment data discovery to ensure that you are PCI DSS compliant
IT Managed Service Provider (MSP), Zhero, can provide you with a data breach RI report that aggregates vulnerability scans into meaningful analytics. Risk intelligence calculates the total liability based on the amount of unprotected data discovered on an individual system, multiplied by the industry average cost per record lost in a data breach. The result is then weighted by the access permissions to the file where sensitive data is identified and weighted again by the CVSS score of the vulnerabilities identified on the system.
CVSS scores are an industry standard scoring system for the severity of vulnerabilities. A CVSS base score of 0.1 to 3.9 represents a low risk, 4.0 to 6.9 is medium, high risk is 7.0 to 8.9. A critical risk score is in the range of 9.0 to 10.0. The scores are used by NIST National Vulnerability Database and all major scanning vendors as the standard for communicating the severity of risk.
Risk Intelligence means you will keep hackers at bay, locked out of your IT network and sensitive data. Risk Intelligence means you can leave the worry of cyber security to your MSP and focus on what you do best: developing and growing your business.