Assessing Your Cyber Risk: How Vulnerable Are You?

05 Jun 2020

    Computers, mobile phones, printers, tablets and other smart gadgets. Servers, emails, social and Wi-Fi networks. Digital assets and smart devices have become an indispensable part of most companies. Want to stay one step ahead of cybercriminals? Find out which of these might be your weak point. All you need is a cyber risk assessment.

    It’s as simple as that: the more devices you use online, the higher the probability that hackers find their way into them. According to Statista, there were around 22 billion connected devices worldwide in 2018, and that number is expected to more than double by 2030. What’s more, the COVID-19 pandemic has shown that further digitalization is inescapable in order for companies to be able to work remotely.


    Internet of Things connected devices worldwide statistics


    As we move deeper into the Internet of Things and the rise of flexible workplaces, the trend for offices and employees will only strengthen – smart watches, heating systems and virtual assistants are only the start. However, new digital solutions also make companies more vulnerable to security and data breaches than ever before. “CEOs committed to staying on top of this ever-evolving threat must break down the silos that exist in the organization in order to assess the full dimensions of the risks across the enterprise and address these exposures holistically. The consequences of not doing so could cost them the trust of their shareholders and customers and even their jobs,” writes Jason J. Hogg, CEO of Aon Cyber Solutions, for the Harvard Business Review.


    The first necessary step on your journey towards adequate cybersecurity? The cyber risk assessment. 




    By assessing your cyber risk properly, preferably with an external consultant, you can: 


    1. Grasp the actual state of your online environment and virtual threats

    Many decision-makers lack the capacity to be well-informed about everything that’s going on in their online fleet – but ignorance is no excuse. Therefore, the cyber risk assessment helps you summarize the state of your digital realm and how particular devices affect it. It also provides you with an analysis of how your online environment could develop and predicts which threats could emerge in the future. 


    Because, as the cybersecurity company Recorded Future states, if you really want to have relevant information on your potential weaknesses and risk factors, internal audits and previous security incidents should never be the only source: “That produces a list of problems you already know about, not a list of the problems you need to worry about today or in the future.” That is why you should be well aware of emerging and unforeseen threats too. In other words: having no experience with deep fakes doesn’t mean they won’t hurt you one day.


    2. Identify which cyberattack would hurt your business the most

    Now that you have general knowledge about different types of cybercrime, it’s time to find out if a ransomware, a DoS or a phishing attack would hurt your business the most. And which one would be the most costly? A cyber risk assessment will provide you with corresponding answers. Identifying the biggest potential loss helps you find the best prevention measures. 


    As part of the risk assessment, case studies from businesses similar to yours could help. For example, according to the research platform Expert Insights, the biggest and most damaging threats that small businesses face are phishing emails. “Phishing accounts for 90% of all breaches that organizations face, they’ve grown 65% over the last year, and they account for over $12 billion in business losses,” says Joel Witts. Phishing attacks are common in health care. Why? Clinics and hospitals store valuable patient information, and cyberthieves can sell this data on the dark web for very attractive prices. According to Forbes, electronic medical health records (EMR) are worth hundreds, sometimes even thousands of dollars. Another example that digitalization might be useful, but also dangerous: unprotected files are easy targets for cybercriminals.


    3. Know who or what could let the cyberthieves in

    Employees? Weak passwords? Unsecured Wi-Fi? No reliable and regular backups? Thanks to the risk assessment, you’ll be aware of the crucial digital vulnerabilities of your company. 


    For instance, Ponemon Institute’s research from 2018 showed that up to 60% of data breaches in small and midsize businesses happen due to negligent employees or independent contractors, and that mobile devices were the most vulnerable entry points to the company networks.




    4. Evaluate and redefine your current security measures

    Knowing how many online touchpoints, weak points and threats there are, are you doing enough to protect them? For example, if employees who lack the needed level of IT knowledge are determined to be the highest risk factor, are you doing enough to educate them?


    If you start evaluating your security measures now, you may not only stay one step ahead of the hackers, but also one step ahead of your competitors. According to the CNBC/SurveyMonkey Small Business Survey, 44% of small business owners are planning to invest in the Internet of Things in 2020, yet only 20% of them plan to put money into cybersecurity software. Without implementing a thought-through data security strategy, they might be at risk. 


    All in all, if you hire a professional to assess your cyber risk, you can make enlightened cybersecurity decisions and the cyberthieves won’t have a chance to shut your business down. So, in cyber and data security, it is crucial to hold on to the popular saying: Hope for the best, but be prepared for the worst.  



    How the COVID-19 crisis brought on more risks
    The COVID-19 crisis has shown that cyber criminals leveraged the opportunity to attack unprepared companies and anxious employees chaotically shifting to home offices. Web threats, scams and phishing emails have also increased notably. In the first quarter of 2020, malicious and fraudulent websites blocked by ESET increased by 21% compared with Q4 of 2019.
    If your employees start working remotely, you should always make sure additional security measures have been implemented – from effective remote administration to disk encryption. Therefore, as a part of your cyber risk assessment, take into account how many employees work from home or plan to work from home, and whether they use corporate or private devices. Digitalization and flexible workplaces are great, but only if they’re well-protected.