Date: 2023-12-21

To establish a global standard for measuring cybersecurity risk for businesses, SecurityScorecard proposes applying security ratings. According to a study by the company, 48% of critical manufacturing organizations were rated “C,” “D” or “F” on the security rating platform developed by the same company. Published during the annual meeting of the World Economic Forum (WEF), the study, Addressing the Trust Deficit In Critical Infrastructure, analyzed the current state of cyber resilience in critical infrastructure sectors such as energy, chemicals, healthcare and others. Organizations with an “A” security rating are 7.7 times less likely to experience a breach than those with an “F” rating.

A reliable barometer

Aleksandr Yampolskiy, co-founder and CEO of SecurityScorecard

Security ratings are a reliable barometer of cyber resilience. In fact, the time has come for the measurement of cyber risk to be made mandatory. Cyber attacks in the last 10 years have become increasingly numerous and more complex. They have also increasingly targeted critical infrastructure, thereby undermining public confidence in the cyber resilience of our global economy.

Companies and IT security

Cyber incidents affecting critical infrastructure, once relatively rare, have become much more frequent in recent years. This is because nation-states and their proxies are intensifying their pursuit of geopolitical goals. FBI data showed that 14 of the 16 sectors considered critical infrastructure by the U.S. government had suffered at least one ransomware attack already in 2021. SecurityScorecard evaluated these sectors to measure their current state of cyber resilience. The analysis of all the organizations belonging to this category in the Forbes Global 2000 list revealed that the manufacturing sector is highly vulnerable.

The 10 factors to take into consideration

SecurityScorecard considers 10 factors when developing an organization’s security rating. Its ratings are easy-to-read A-F grades based on, as mentioned, ten risk factors:

network security, DNS health, patch cadence, instant score, endpoint security, IP reputation, web application security, hacker chat, stolen credentials, and social engineering.

Each factor has a numerical weight that reflects the severity of the risk the factor contributes to an organization’s overall cybersecurity posture.

It can also be economically worthwhile

Investing in multiple technologies seems burdensome for critical infrastructure operators with limited resources. The reality is that cybersecurity assessment technology is extremely cost-effective, especially when you consider that the catastrophic cost of a breach averages $9.44 million for US organizations.

Building effective resilience

By leveraging security assessments, these organizations have an easy way to build resilience and to make more informed decisions to strengthen their cyber defenses, confidently measuring risk and quantifying the reliability of their partners, contractors, third- and fourth-party suppliers and supply chains.

Companies and cybersecurity, how to measure risk

Furthermore, the research also finds that 78% of 240 of the largest financial institutions in the European Union have suffered a data breach by a third party in the last year. In the wake of attacks like MOVEit and SolarWinds, cybersecurity regulations highlight the need for comprehensive approaches to manage vendor risk and ensure compliance. Only 3% of third-party vendors analyzed were breached, highlighting the dramatic impact of a single supply chain attack on the threat landscape. Supply chain attacks attract cybercriminals because, when widely used software is compromised, attackers gain access to potentially every organization that uses that software.