Cyber Crime And Cyber Threat Measurement
Cyber-attacks and cyber crime now threaten businesses globally and, because of their financial implications, are largely viewed as an “enterprise risk” that has to be managed in the same way as other significant business risks. Organizations’ executives and top management are increasingly seeking effective risk-based metrics for quantifying, mitigating and managing enduring threats.
Approaches to threat and cyber risk measurement, and their level of maturity, differ between organizations, ranging from audit-based models to the representation of cyber risk in measurable scores or in monetary terms. Qualitative measures are used to communicate the level of severity of a cyber threat and to provide a sense of the quantum of losses that could occur over a period of time. Without understanding the cost of a realized threat, it is difficult for managers to decide on an appropriate risk management strategy. To do so, it is necessary to identify the most important elements of business operations that can be affected by a threat. For most organizations this means recognizing their business processes and assets and assessing their criticality, along with their connections to the organization’s core infrastructure. The next factor is the perception of a threat, determined by how effectively the information related to the threat is gathered, analyzed and disseminated.
Another aspect is the defense of business processes: defense measurements and the assessment of defense elements such as proactive defense, detection of cyber-attacks, and attack response management. These factors are constant for an organization regardless of its business activities. Slight variations between industries can occur in the types of data affected by realized threats and in the methods of threat realization. Attack surfaces can also vary depending on the business-specific way of exposure to cyber-attacks and on the vulnerabilities that can be assessed by attackers.
For example, the financial sector should be more concerned about its susceptibility to DDoS attacks that disrupt banking services. For the healthcare industry, the most critical aspect is the possibility of a breach of database systems and the loss of patients’ Personally Identifiable Information (PII) and electronic health records (EHR).
To ensure the collection of actionable data and insights, it is necessary to define the goals that cyber security measurements and frameworks need to achieve. Goals may include assurance of the effectiveness of defensive measurements, and confirmation that security solutions are solving cyber-threat-related issues or that they do the same for customers’ problems. It is also important to know the sources the data is coming from. They may include access logs, interfaces connecting external and internal computer systems and networks, reports from traffic scanners and analyzers, and data from the Internet. In short, all of this data needs to be collected to take full advantage of the applied cyber security measures. Knowing where data is coming from is paramount to prioritizing its importance and usefulness. However, data from different sources generally arrives in raw form and does not have enough value until it has been integrated and put in context. Comprehensive review and sorting are needed to reveal the true potential of the data. Captured data needs to go through thorough analysis for the extraction of meaningful insights.
Data analysis requires a management process that covers the important details of the analysis procedures. This allows the organization to establish an optimal frequency of data collection to ease the identification of prevailing trends, to assess the complexity of data coming from multiple sources to improve the localization of abnormalities, and to control the reliability of the data. To yield proper insights, the data needs to be blended, and data identifiers and interconnections have to be systematized in order to minimize redundancy and improve data integrity. The data analysis continuum involves a broad diversity of technologies that are used for extracting actionable insights from the information derived from the collected data. This calls for experienced and talented personnel, who play a key role in the data transformation while tasked with extracting actionable insights from data.
The selection of suitable people should be based on their ability to write algorithms, conduct data segmentation and management, interpret their findings, and communicate actionable insights to multiple elements of the business. How these insights are to be applied is also the responsibility of the data analysis personnel within an organization. Actionable insights can play an essential role in reducing a company’s spending associated with cyber threats and security measures, and in tracking the effectiveness of applied solutions. To make full use of these benefits, an organization must have the right processes, technologies and people in place for data collection and analysis, able to spot and categorize the most valuable insights.
A cyber risk register and an assessment matrix can aid an understanding of what cyber risk actually means to the organization and support an informed decision-making process for reducing risk exposure. A risk register allows the organization to recognize its main risks and opportunities by ensuring that all considerable cyber risks are identified, assessed and managed. To use a cyber risk register properly, the organization must identify its key assets, which may include human resources, IT and computer systems, networks and property assets. Having a clear picture of the main assets allows cyber threats to be assessed and assigned accordingly, e.g. as technology-borne or human-borne. A list of common threats can be found in ISO27001 and used as a basic tool, but to ensure relevance it requires a constant update process to be in place.
A cyber risk register entry can state, for example, that “Employee accidentally exported sensitive customer’s financial information into a cloud storage service.” The next step is to apply the risk assessment matrix, which specifies the probability of the risk under consideration and its impact, such as financial and reputational impact. The threats related to an identified risk can be assessed using the Operational Threat Assessment (OTA) general threat matrix. With the OTA general threat matrix, threats can be categorized by their possible features and by the capabilities corresponding to these features. The OTA threat matrix includes qualitative and quantitative approaches to threat metrics. The combination of tangible and intangible attributes assigned to cyber threats allows the organization to use it as a leveled model for categorizing threats and for identifying attack paths and their mitigation. Having a risk register and threat and risk assessment matrices in place allows the organization to determine its risk appetite, to determine whether a risk can be reduced, avoided, accepted or transferred, and to establish which security control measures exist or need to be implemented.