Whitepaper: How cyber exposure works
In today's digitalized world, data is the new currency and the driver for all businesses. This change in the business landscape presents new risks and threats to be remediated. The Cyber Exposure Index is the first step in this remediation and mitigation process: it identifies existing threats and makes them transparent.
The Cyber Exposure Index is based on data collected from publicly available sources in the dark web, deep web and data breaches. From that data, signs of sensitive disclosure, exposed credentials and hacker group activity against a company are identified. Companies are ranked based on the number of findings and the risk that the findings represent.
Exposed Information
In today’s digital age, our interactions with technology frequently generate a digital footprint, which includes logs and data traces. This data, whether intentionally or unintentionally leaked by individuals, exploited by hostile actors, or exposed due to system flaws, contributes to what is known as ‘Cyber Exposure’. This term refers to any exposed information and digital assets associated with individuals or companies that, if misused, would be harmful to them.
Sensitive and Exploitable data
The Cyber Exposure Index gives a clear and easy measure of a company’s Cyber Exposure, which is divided into 12 types of sensitive and exploitable data.
- Cleartext Passwords
- Encrypted Passwords
- Data Breach
- Black Markets
- Discussions
- Internal Malware
- External Malware
- Source Code
- Email Content
- Targeting Lists
- IT Infrastructure Information
- Other
Measuring Cyber Exposure
A company’s Cyber Exposure is expressed in two ways: the Exposure Difference and the Exposure Similarity. Both scores compare the company to its industry but provide distinct insights.
Exposure Difference
This score compares a company’s overall exposure level to the exposure level of its industry. The company’s Exposure Difference is determined by calculating the ratio of its total exposure records to its employee count, and comparing this to the equivalent ratio in its industry. This comparison uses a logarithmic scale.
Exposure Similarity
The Exposure Similarity compares the company’s Cyber Exposure profile, which includes the 12 data types, to the profile of its industry. The score ranges from 0 to 100%, with 0% indicating no similarity and 100% indicating that the profiles’ exposure category proportions are identical.
This metric aids in determining how closely two exposure profiles are related. Two companies in the same industry with similar exposure profiles will confront similar cybersecurity challenges or threats. A low similarity, on the other hand, suggests very different cyber risk landscapes.
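The two scores described above, worked through as an added example (not the index's own code or published formula). The page does not give the exact formulas, so the base-10 logarithm and the overlap measure (one minus half the summed absolute differences in category proportions) are assumptions, the function names are hypothetical, and the sample counts are constructed.

```python
import math

# The 12 data types listed on the page.
CATEGORIES = [
    "Cleartext Passwords", "Encrypted Passwords", "Data Breach", "Black Markets",
    "Discussions", "Internal Malware", "External Malware", "Source Code",
    "Email Content", "Targeting Lists", "IT Infrastructure Information", "Other",
]

def proportions(profile):
    """Turn per-category record counts into category proportions."""
    unknown = set(profile) - set(CATEGORIES)
    if unknown:
        raise ValueError(f"unknown categories: {sorted(unknown)}")
    total = sum(profile.values())
    if total == 0:
        return None  # no findings, so there is no profile to compare
    return [profile.get(c, 0) / total for c in CATEGORIES]

def exposure_difference(records, employees, ind_records, ind_employees):
    """log10 of (company records per employee) / (industry records per employee).
    Assumption: base 10, so 0 = on par and +1 = ten times the industry ratio."""
    if employees <= 0 or ind_employees <= 0 or ind_records <= 0:
        raise ValueError("employee counts and industry records must be positive")
    if records == 0:
        return float("-inf")  # nothing exposed: below any industry baseline
    return math.log10((records / employees) / (ind_records / ind_employees))

def exposure_similarity(company, industry):
    """Assumed measure: 100 * (1 - 0.5 * sum |p_i - q_i|) over the 12 categories.
    Identical proportions give 100, non-overlapping profiles give 0."""
    p, q = proportions(company), proportions(industry)
    if p is None or q is None:
        return None
    return 100.0 * (1.0 - 0.5 * sum(abs(a - b) for a, b in zip(p, q)))

# Constructed sample data, not real findings.
INDUSTRY = {"Cleartext Passwords": 4000, "Encrypted Passwords": 3000,
            "Data Breach": 2000, "Source Code": 1000}
COMPANY = {"Cleartext Passwords": 100, "Encrypted Passwords": 50,
           "Data Breach": 50, "Email Content": 50}

if __name__ == "__main__":
    diff = exposure_difference(250, 500, 10000, 200000)
    sim = exposure_similarity(COMPANY, INDUSTRY)
    print(f"Exposure Difference: {diff:+.2f}  Exposure Similarity: {sim:.0f}%")
```

Because the similarity uses proportions only, a small company and a large industry can score 100% while the Exposure Difference still shows a large gap in volume per employee.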
Cyber Threat increase
Cyber Exposure poses significant risks, particularly when exploited by threat actors. As Cyber Exposure increases, so does the potential for Cyber Threats.
Examples of threats for individuals:
- Unauthorized access to multiple accounts
- Sophisticated phishing campaigns
- Identity theft
Examples of threats for companies:
- Internal network infiltration
- Ransomware attacks
- Unauthorized transactions
Security Measures
Understanding and managing Cyber Exposure is vital in safeguarding against cybersecurity threats. The index does not provide a direct measure of a company’s actual risk because it does not account for any existing security measures. It is, however, a timely reminder of the significance of cybersecurity.
Financial Impact
The security of a company’s information and assets is more than just an IT concern in a world where data breaches are commonplace and costly. Cybersecurity is a critical aspect that can have a considerable impact on the company’s financial stability and shareholder value. Ignorance can lead to losses or jeopardize the company’s existence.