Cyber Risk Analysis for Unpatched Endpoint Vulnerabilities and More Remote Work Security Challenges

June 11, 2020  Erin Macuga

Work from Home (WFH) has not only become the new normal for many now, but it’s increasingly clear that, at companies where remote work is possible, it’s likely to go on to a great degree even after the COVID19 crisis passes. The line between home and office has probably been blurred permanently.

That means CISOs need to look beyond the short-term challenges of recent weeks and start thinking about the ongoing risks from a distributed workforce and how they would affect the bottom line.

Erin Macuga is a Risk Consultant with RiskLens

By utilizing the RiskLens SaaS platform, running on the FAIR standard for cyber risk quantification, analysts can quantify probable risks in dollars and cents for WFH loss events such as:

  • DDoS attack against VPN
  • Vulnerabilities exploited in unpatched VPN
  • Utilizing work VPN for personal use
  • Connecting non-work devices to work VPN – mobile devices
  • Mobile devices with malware on VPN or being used for work
  • Inability to access databases needed for work
  • Malware on home network gets onto company network when connect
  • Increased phishing attempts surrounding COVID19
  • Hacker uses phishing to steal company data
  • Hacker uses phishing to install malware
  • Employee gets laid off or is furloughed but still has access to all information
  • Insecure WiFi networks – using public WiFi
  • Inability to effectively patch endpoint vulnerabilities

Quantitative Risk Analysis for Unpatched Endpoint Vulnerabilities

One specific example from above would be looking into the potential ramifications of an unpatched vulnerability. Some companies are putting patches and updates on hold as their resources are strained with the new work from home culture. They may be looking to install features that would provide stability from the increased external traffic of the remote workforce. However, this interruption in patching will leave vulnerabilities on enterprise endpoints open to be exploited by malicious actors.

In order to define what specific risk scenarios are related to this vulnerability, the analyst would start by determining what item of value is of the most concern. This could range from a specific workstation with access to high value information, such as your head of sales, a particular database, or even a specific process that would be impacted from an unpatched endpoint vulnerability. In this instance let’s say the most probable and biggest concern is a particular database accessed by all employees.


Asset: Key database containing sensitive information

Threat: External Actor (Cyber Criminal)

Effect: Confidentiality

Method: Exploiting an unpatched endpoint vulnerability & targeting the database

Since we’ve defined the scenario, the analysts would then talk to SMEs within the organization or use the knowledge they already have to determine the magnitude (associated cost) by looking at the six forms of loss (from the FAIR model) that directly affect the organization or indirectly affect customers or other stakeholders, if this incident were to occur.

Top Risks Reporting and Risk Assessment for Work from Home Cybersecurity

This same approach can be taken to clearly define each of the concerns facing the organization. Then, using the Rapid Risk Assessment capability of the RiskLens platform, in minutes per scenario, the company can determine what the costs would be if each event were to occur. By doing so, they can quickly determine what the top risks are to the organization as employees work from home and begin to address accordingly.

The results of each individual risk scenario will include the most likely cost if this event occurred in the next year, including the 10 th and 90 th percentiles, to give a range of values. This annualized loss exposure can then be used to show decision makers what the loss exposure would be and how best to prioritize security investments.

Additionally, these scenarios can be aggregated to calculate a total loss exposure. The chart below is a loss exceedance curve showing the aggregate annualized loss exposure (ALE) of all the WFH risks from the list above. The values on the curve show the range of exposure the organization is exposed to in a given year from WFH-related scenarios.

Get Started with RiskLens Cyber Risk Solutions for Remote Work Security Challenges

RiskLens offers a Rapid Risk Assessment solution using the RiskLens platform, the SaaS solution built on the FAIR model, the international standard for cyber and technology risk quantification. With a Rapid Risk Assessment, organizations are able to identify, prioritize and communicate their top risks in financial terms, with the speed and clarity that the business demands.

  • RiskLens consultants will get you started with a 2-3 day kickoff workshop, and set-up of the RiskLens platform.
  • The RiskLens platform comes with built-in with industry risk data and a simple, intuitive assessment process, two features that enable risk assessment measured in minutes, not weeks.
  • The platform generates flexible and customizable reports (including top risks for probable loss exposure, all risks prioritized, highest severity loss event and many more) in financial terms ready to present to non-technical, business audiences.
  • Consultants leave you with a blueprint for your team to go forward with a self-sustaining analysis program, complimented by coaching from RiskLens as needed.

Contact us to learn more about Rapid Risk Assessment and cyber risk quantification.