What’s the risk from spear-phishing, accidental emailing of customer data or other consequences of human error on your systems? Cybersecurity professionals are often stumped on how to answer, but RiskLens Vice President of Customer Success Chad Weinman, writing in a new article on ThreatPost, has some solid advice: look past the humans and focus on the impacts farther down the attack chain.
In Assessing the Human Element in Cyber Risk Analysis, Chad applies FAIR, the model that powers the RiskLens application, and breaks down the analysis into two steps:
- What’s the likelihood that the employee will fall for phishing, send a misdirected email or otherwise mess up?
- What’s the probability of that failure resulting in a data breach or other loss event, and at what cost?
That starts an analyst off on the right foot. The next step is to collect some solid data for each of those two probabilities, based on company experience or industry norms, run it through Monte Carlo simulation on the RiskLens platform, and generate a graph showing the range of probable losses in dollars on an annualized basis, which makes it easy for decision-makers to visualize their options. With the RiskLens Sensitivity Analysis function, analysts can also try what-if scenarios for investing in controls.
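To make the two-step breakdown concrete, here is a small Monte Carlo model of a phishing scenario written as an added illustration for this post; it is not RiskLens or ThreatPost code and does not reproduce the RiskLens platform. Step 1 is the chance an employee falls for a given attempt, step 2 is the chance that error becomes a loss event and what it costs. Every range below (attempts per year, click rate, breach probability, loss per event) is a constructed minimum / most-likely / maximum estimate standing in for the company history or industry data an analyst would collect, and the "control" scenario is a hypothetical what-if that halves step 2.

```python
"""Annualized loss from a human-error scenario, estimated by Monte Carlo.

Added example for illustration only, not RiskLens or ThreatPost code.
All ranges are constructed placeholders for real calibrated estimates.
"""
import random
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Scenario:
    # Each field is (minimum, most likely, maximum); a range, not a point value.
    attempts_per_year: tuple   # phishing emails that reach an inbox
    p_employee_error: tuple    # step 1: chance one attempt is clicked / misdirected
    p_loss_event: tuple        # step 2: chance that error becomes a breach
    loss_per_event: tuple      # step 2: cost in dollars when it does


def _draw(rng, low_mode_high):
    """Sample a triangular distribution given as (min, mode, max)."""
    low, mode, high = low_mode_high
    return rng.triangular(low, high, mode)


def simulate_year(rng, s):
    """One trial: total loss for one simulated year of this scenario."""
    attempts = round(_draw(rng, s.attempts_per_year))
    p_err = _draw(rng, s.p_employee_error)   # step 1, uncertain per trial
    p_loss = _draw(rng, s.p_loss_event)      # step 2, uncertain per trial
    total = 0.0
    for _ in range(attempts):
        if rng.random() < p_err and rng.random() < p_loss:
            total += _draw(rng, s.loss_per_event)
    return total


def percentile(sorted_values, q):
    """Nearest-rank percentile of an already sorted list."""
    idx = min(len(sorted_values) - 1, int(q * len(sorted_values)))
    return sorted_values[idx]


def run_simulation(scenario, trials=10_000, seed=1):
    """Run the scenario many times and summarize the annual-loss distribution."""
    rng = random.Random(seed)   # fixed seed so results are reproducible
    losses = sorted(simulate_year(rng, scenario) for _ in range(trials))
    return {
        "mean": sum(losses) / trials,
        "p10": percentile(losses, 0.10),
        "p50": percentile(losses, 0.50),
        "p90": percentile(losses, 0.90),
        "p_any_loss": sum(1 for x in losses if x > 0) / trials,
    }


def expected_annual_loss(s):
    """Closed-form mean of the same scenario, used to sanity-check the simulation.

    Mean attempts x mean P(error) x mean P(loss | error) x mean loss;
    the mean of a (min, mode, max) triangular distribution is their average.
    """
    mean = lambda t: sum(t) / 3
    return (mean(s.attempts_per_year) * mean(s.p_employee_error)
            * mean(s.p_loss_event) * mean(s.loss_per_event))


def control_benefit(baseline, controlled, trials=10_000, seed=1):
    """Reduction in mean annual loss the control buys (a what-if comparison)."""
    before = run_simulation(baseline, trials, seed)["mean"]
    after = run_simulation(controlled, trials, seed)["mean"]
    return before - after


# Constructed inputs (not real data): a mid-size company's phishing exposure.
BASELINE = Scenario(
    attempts_per_year=(50, 100, 150),
    p_employee_error=(0.02, 0.04, 0.08),
    p_loss_event=(0.05, 0.10, 0.20),
    loss_per_event=(10_000, 50_000, 250_000),
)

# Hypothetical control (e.g. attachment sandboxing plus fast reporting) that
# halves the chance an employee error turns into an actual loss event.
WITH_CONTROL = replace(BASELINE, p_loss_event=(0.025, 0.05, 0.10))


if __name__ == "__main__":
    result = run_simulation(BASELINE)
    print(f"analytic mean annual loss : ${expected_annual_loss(BASELINE):,.0f}")
    print(f"simulated mean annual loss: ${result['mean']:,.0f}")
    print(f"10th / 50th / 90th pct    : ${result['p10']:,.0f} / "
          f"${result['p50']:,.0f} / ${result['p90']:,.0f}")
    print(f"years with any loss       : {result['p_any_loss']:.0%}")
    print(f"control saves on average  : ${control_benefit(BASELINE, WITH_CONTROL):,.0f}/yr")
```

Two things the simulation shows that a single "risk score" hides: with these inputs most simulated years have no loss at all while a minority carry six-figure losses, so the median sits far below the mean and only a percentile range tells decision-makers what they are actually exposed to; and the control comparison puts a dollar ceiling on what the control is worth per year, which is the number a budget conversation needs.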
The bottom line, Chad writes: “You can’t change human nature, but you have a better shot at controlling it if you first can identify your true risks.”
Read the complete article on ThreatPost: Assessing the Human Element in Cyber Risk Analysis