There are two diffs everyone has a credit score and absolutely no one understands what makes up their credit score. A cyber risk score is the exact opposite. Not every company has a cyber score or truly understands their cyber risk, but we can absolutely tell you what goes into the algorithm that makes up your company’s risk score.
Risk is all about visibility and mitigation. When you consider the devastating cyber-attacks that have recently hit companies there has never been a more critical time in history for every company, in every industry to have complete visibility of their digital infrastructure and the risk they have for a potential cyber event.
AgileBlue is a SOC-as-a-Service that provides technology that collects data on everything in our customers digital infrastructure; servers, endpoints, cloud, applications, API’s, networks, etc.—we see it all. In having this 100% visibility, we are able to apply our algorithmic models. A proper risk score needs to understand and apply the proper weighting to determine a true risk score with mitigation recommendations. Some of these factors include:
- Vulnerability management assessment compared to third party threat intel and CISA’s daily top 10
- Number of daily malicious alerts
- How many of those are immediate known false positives
- Number of alerts open and escalated with a multiplier by days outstanding
- Total % of devices being monitored – hint: needs to be 100%!
- How many of Microsoft’s and CISA’s top 12 cyber risk strategies are being employed by your company
- Analysis of third-party threat intel
These are important and critical to the core of the risk score but not the only factors that go into a proper cyber risk score. Schedule a demo to discuss how we calculate risk score and how it can help your business.