By Dr. Jared M. Smith, Distinguished Engineer, R&D Strategy at SecurityScorecard
In the current cyber threat environment, organizations need modern tools and solutions that provide an automated way to discover and manage all entities within their business ecosystem, including third, fourth, fifth parties and beyond. But how do you manage risk when there are so many entities at play, some of whom you don’t even know exist?
Business ecosystem risk management is a necessary approach to cybersecurity that maximizes your security posture by including everyone involved with your organization.
The optimization and automation of business ecosystem risk can be broken down into three sections: measurement, quantification, and mitigation.
1. Measuring risk
Risk measurement extends beyond mapping your attack surface. It must also include up-to-date intelligence on the latest and historical trends worldwide. The goal is to understand which endpoints in your attack surface are likely to be targeted.
For trustworthy results, the intelligence collected should cover every organization, technology, geographical region, and threat actor. SecurityScorecard does this with a suite of in-house threat intelligence systems with global IPv4 scanning capabilities. We collect malicious activity by capturing infected device traffic from across the globe. We also gather intelligence from the dark web and the many forums and marketplaces where exploits are distributed.
The final and most crucial step is attributing the gathered intelligence to a specific organization. SecurityScorecard ties the intelligence and the organization together with our core ratings, which serve as a basis for measuring risk tied to your organization.
2. Quantifying risk
Now that the relevant intelligence is automatically collected and surfaced, it’s necessary to quantify the business risk your organization is facing to truly grasp the consequences if mitigation steps are not taken in time.
Cyber Risk Quantification will put a dollar amount next to the identified risk based on previous public exploits by the same threat actor against other similar organizations.
All of this needs to happen in real time and be continuously monitored so that new threats that pop up on your attack surface get the attention they need in time.
3. Mitigating risk (and optimizing your ecosystem’s exposure)
With distinct financial justification tied to mitigating the exposure, it is time to ensure your Security Information and Event Management (SIEM), Firewall, and Endpoint Detection and Response (EDR) vendors are integrated into your in-house ticketing system to automatically flag, block, or tag identified risks and remove them from your attack surface.
Next, it’s important to identify the same risks in your vendors. SecurityScorecard’s Automatic Vendor Detection will automatically identify all vendors in your third- and fourth-party sphere by finding usage of those vendors from your public-facing web presence, business activity, resumes of employees, and beyond.
Finally, starting with the measurement stage, you should follow the same process of exposing the risk, quantifying it, and urging your vendors to remove the risk before it affects your organization.
By taking these three steps, you ensure that your entire business ecosystem is well protected from cyber threats by using reliable and highly automated technologies. This will significantly boost your organization’s resilience in the face of an increasingly dangerous threat environment.