Know thy enemy: Three easy ways to reduce cyber risk

Cybersecurity versus cyber risk – what’s the difference?

It’s easy to confuse cybersecurity and cyber risk. There’s considerable overlap between the two, but they are subtly different and it’s important to understand the distinction.

When we think about security, we tend to think about the various threats to our networks, data, and endpoints — as well as the steps we take to protect them. However, these things aren’t quite the same as cyber risk.

Confusing, isn’t it? Here’s a simpler definition. 

Think of cyber risk management as minimizing the probability of economic loss due to cyber events, whereas network security aims to prevent malicious cyber events from happening. 

For example, you might have great homeowner’s insurance which will recoup 100 percent of your losses if anything is stolen from your home. You successfully managed the risk of economic loss from theft. In contrast, securing your house means you need to make sure you locked all your doors and windows and set the alarm each time you leave the house. 

Can improving security mitigate cyber risk?

Risk management can be expensive. Nothing in this world is free and insuring your enterprise against cyber threats is no exception. But that doesn’t mean you can’t use the overlap between security and cyber risk to your advantage. After all, one of the outcomes of good network security is improving your cyber risk management.

So, what can you do about this? Here are three actions you can take right now.

  1. Reduce your security information and event management (SIEM) alerts – and know which ones to investigate
    Typical enterprise security teams face over a million SIEM alerts every day. You don’t need to be a mathematician to know that’s too much for any team to reasonably prioritize and investigate. That’s why so many SIEM alerts get ignored — helping attackers slip through the cracks.

    However, many of these alerts aren’t actionable. You’re just the next IP in line in an automated scan or probe, and if you can block the connection at the first packet, there’s no further action to take. So why deal with the alert at all? By deploying a threat intelligence gateway, you can block up to 80 percent of malicious traffic before it ever reaches your network. Not only does this dramatically reduce your SIEM alerts, it also takes the pressure off your next-generation firewall.
  2. Contain whatever gets past your first line of defense
    The other advantage of a threat intelligence gateway is that it automatically blocks command and control (or C&C) connections from malware like ransomware. These tools are backed by threat intelligence teams with global honeypot networks that run around the clock — examining malware and tracking the C&C servers that manage malware networks. Because of that, these tools can block the “phone home” connection from active malware that’s made it into your network — enabling you to not only prevent malware from inflicting damage and spreading, but also identify which systems are infected and need remediation. This doesn’t replace your endpoint security product (which can do behavioral detection and spot malicious activity), but it greatly reduces the impact that an infection can have on your network. 
  3. Continuously test your own defenses
    Security is never static. New misconfigurations, threats, and vulnerabilities emerge every day. That’s why it’s so important to ensure that your network and endpoint security policies are being enforced the way that you expect. The latest Verizon Data Breach Investigations Report revealed that simple misconfigurations cause far more breaches than technology gaps.

    So, what does this mean? In essence, you need to think like an attacker. That’s where breach and attack simulation tools come in. These tools make it easy to safely simulate a wide array of exploits and attacks against your security stack (endpoints, firewall, WAF, DLP, etc.), identify vulnerable misconfigurations, and fix whatever gaps you find with step-by-step remediation instructions. 
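To make items 1 and 2 concrete, here is an added Python example (not part of the original article or any vendor's product) that triages gateway block events: inbound scans blocked at the first packet are counted and suppressed, while blocked outbound C&C connections yield the list of internal hosts to remediate. The CSV layout, the `scanner` and `c2` category labels, the 10.0.0.0/8 internal range, and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed gateway block events in a hypothetical CSV layout (not a vendor format):
# timestamp,src_ip,dst_ip,dst_port,feed_category
SAMPLE_LOG = """\
2024-05-01T09:00:01Z,198.51.100.7,10.1.4.20,22,scanner
2024-05-01T09:00:02Z,198.51.100.7,10.1.4.21,22,scanner
2024-05-01T09:03:10Z,10.1.7.33,203.0.113.50,443,c2
2024-05-01T09:04:10Z,10.1.7.33,203.0.113.50,443,c2
2024-05-01T09:05:44Z,203.0.113.9,10.1.4.20,3389,scanner
2024-05-01T09:06:00Z,10.1.9.12,203.0.113.77,8080,c2
2024-05-01T09:07:00Z,10.1.2.5,198.51.100.7,445,scanner
truncated-event,10.1.9.12
"""

def triage(log_text, internal_cidr="10.0.0.0/8"):
    """Sort blocked connections into noise, infected hosts, review items, and bad lines."""
    internal = ipaddress.ip_network(internal_cidr)
    out = {"suppressed": 0, "infected": defaultdict(set), "review": [], "unparsed": []}
    for line in log_text.splitlines():
        try:
            _, src, dst, port, category = line.strip().split(",")
            src_ip = ipaddress.ip_address(src)
            ipaddress.ip_address(dst)  # validate the destination address only
            port = int(port)
        except ValueError:
            out["unparsed"].append(line)  # keep malformed events visible, never drop them
            continue
        if src_ip not in internal:
            out["suppressed"] += 1  # inbound scan/probe already blocked: no alert needed
        elif category == "c2":
            out["infected"][src].add(f"{dst}:{port}")  # blocked "phone home": remediate src
        else:
            out["review"].append(line)  # outbound block that is not C&C: analyst decides
    return out

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("suppressed (non-actionable):", report["suppressed"])
    for host, dests in sorted(report["infected"].items()):
        print(f"remediate {host}: blocked C&C to {', '.join(sorted(dests))}")
    print("outbound non-C&C blocks to review:", len(report["review"]))
    print("unparsed lines:", len(report["unparsed"]))
```

Repeated blocks from the same host to the same C&C endpoint collapse into one remediation entry, so the output scales with the number of infected systems rather than the number of beacons.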

Don’t wait for attackers to test your own defenses. An investment to strengthen your network security will reduce your likelihood of suffering a major breach. 

Considering the costs associated with such attacks — including legal and compliance fines, reputational damage, and market capitalization losses — it’s hard to imagine a more risk-mitigating investment than improving your network security.