Risk Assessments: Finding Risk Before Risk Finds You

By Charles Duckett | August 23 2018

Cyber-attacks are undeniably more ubiquitous and costly than ever. The threat actors aren't going anywhere, and the impact on companies is costly and rising. In 2017 alone, cyber-attacks drained nearly $600 billion from the global economy. However, there is still hope of mitigating that impact by focusing efforts on closing gaps in your enterprise. Identifying these gaps helps bring network security risk down to the minimum possible. One caveat: there is no such thing as no risk; these are human endeavors after all.

According to Accenture, the top three cybersecurity threats for companies are malware, phishing, and web-based attacks. These attacks concentrate on certain vulnerabilities, such as an outdated version of software or an employee without cybersecurity awareness. The key is to identify and mitigate these vulnerabilities before they are exposed by threats. This is done through risk assessments. Risk assessments can be as focused or as comprehensive as your organization requires, ranging from a full 360 Risk Assessment to a focused Insider Threat Assessment. These assessments provide a baseline of risk so that supplements and upgrades to security can be prioritized where the risk is high.

Risk assessments can be carried out in multiple ways and with different goals. One is a test of security posture, which can be done by gathering information about how employees or security contractors feel about the security of the company in the first place. This type of assessment can give an idea of how vulnerable employees are to phishing or social engineering scams, or of possible malicious insider intent. It can provide a company with the necessary steps to improve and to implement a plan for when a crisis comes.

There are also assessments of the security of the network itself. This can be assessed through off-site and on-site penetration testing, which can mimic a real attack and provide a unique perspective that is typically not available until too late. To address web-based attacks, there are assessments that identify flaws from bad code or misconfiguration in web applications and databases.

There is no reason to neglect these measures, which can potentially save a business thousands if not millions of dollars. The purpose of risk assessments is to be honest about what cybersecurity defenses are in place. Risk assessments are also helpful moving forward, since they solve problems within the realm of uncertainty. There is valuable awareness in knowing where the vulnerabilities in the system reside.

Vulnerabilities range in their risk. Combined with the proper threat, vulnerabilities can shake the very foundation of a company. Ransomware, phishing, DoS, web-based attacks, etc. are just some of the tools threat actors use to enter a network. Some threats are in-house and can cripple a company if there aren't measures to secure the network from individuals inside the organization. All of these are threats whose risks are easily mitigated when the vulnerabilities they target are closed or mitigated through comprehensive risk assessments and immediate remediation.

About Domain5: 

Domain5 is committed to providing support to companies at an effective return on cybersecurity investment (ROIC). This support includes a part-time chief information security officer who is flexible to any small business demand, large or small. Our support extends to risk assessment of current networks, information security, and compliance advice. Domain5 recognizes the absolute necessity of maintaining cybersecurity awareness while simultaneously allowing for effective allocation of resources in any financial situation.
