The cybersecurity industry is ruled by a truism: not if but when. At the NetDiligence Virtual Cyber Summit, panelists Payal Patel (Marsh), Manish Karir (FICO), James Perry (CrowdStrike), and Tim Nunziata (Nationwide) joined moderator Spencer Timmel (Safety National) for “Predicting a Breach,” a discussion geared towards elucidating how technical tools and human resources can be leveraged to shed light on that elusive “when.” The bad news? There is no fortune teller who can give a precise time and date for a breach. But good news exists in the multiple layers and collaborative measures designed to filter the noise and point the way.
If prediction is impossible, preparation is not. Predictive techniques, Timmel stated, allow organizations to shift from a reactionary posture to a proactive one, thus freeing businesses to focus on core functions. Patel added that these techniques help focus resources and make organizations nimbler in their response. Understanding the risk landscape creates an ability to intervene quickly, thwarting threat actors before they can move laterally through an organization and create havoc. All this enables an organization to continue functioning during a crisis, protecting critical assets.
Understanding the threat environment is multi-faceted, and making a plan is crucial. Part of the task is to drill into organizational and industry specifics – what is the supply chain, what are the critical assets and how are they protected, what is the scale-over capability, and what operational technology is available. Additionally, organizations can overlay scoring frameworks that provide a comparative and statistical perspective on preparedness.
Karir outlined how the FICO® scoring system provides one dimension. Based on historical data and refined through machine learning technology, the FICO® Cyber Risk Score is a statistical synthesis presented as a “decisionable” metric. Focused on quantifying cyber security culture, its data points measure human behaviors, not technical vulnerabilities. Thus, an individual organization’s score may predict the likelihood of a future breach rather than describe a past one. It can also be used by companies to assess whether their current posture matches their risk tolerance and discover how they compare to other organizations in their industry.
The CrowdStrike Falcon Platform takes a different but complementary approach. Perry described how the system uses internal data to enhance situational awareness. To “filter the noise,” the Falcon Platform monitors endpoint activity and IT hygiene within an organization to track changing threat levels. As a result, an organization can understand its baseline, assess what is a reasonable norm, and allocate resources when the threat level rises.
Nunziata affirmed the need for a variety of tools. As carriers know, cyber insurance lacks the depth of historical data found in other types of insurance; therefore, analytics can provide additional ways to add depth. Underwriters can use this added context to recommend customized pre-breach activities to insureds and to inform conversations that enhance the renewal process. If data analytics, artificial intelligence, and machine learning can be used to drive coverage in the SME and middle markets, they can also fill a problematic gap.
Cyber security is an industry hungry for data. Predictive techniques, collaborative structures, and analytic tools may provide a hopeful solution – one that gets the most clarity and value from the data at hand.