Treasury News Network


How vulnerable is your company/vendors to cybersecurity hacks? Do you really know?

There is a myth that “If you can’t measure it, you can’t manage it”*, yet there are also many aspects of a business that cannot be measured and which managers must deal with too. Even so, the starting point for minimising your cybersecurity risk has to be an understanding of the basic metrics of how good or bad your security systems and processes really are. BITSight Security Ratings, one of the leaders in assessing security risk and performance, recommends** that companies understand and tackle:

external threats by tracking the number of:

  1. botnet infections per device
  2. unpatched known vulnerabilities
  3. properly configured SSL certificates

insider threats by tracking:

  1. amount of peer-to-peer file-sharing activity on a company’s corporate network
  2. % of employees with “super user” access
  3. average number of days between notification of job departure and elimination of corporate access
  4. frequency by which employee access is reassessed

supply chain threats by tracking:

  1. number of open ports during a period of time
  2. percentage of third-party software that has been scanned for vulnerabilities prior to deployment
  3. frequency by which a company reviews its entire list of suppliers and vendors and designates those that are critical
  4. frequency by which a company verifies its vendor’s controls
  5. percentage of critical vendors whose cybersecurity effectiveness is continuously monitored.
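The insider-threat and vendor metrics above are only useful if they are actually computed from your HR, identity and supplier records. The following is an added example (not BITSight's or the article's code) that derives four of them from a constructed snapshot; the record fields, the 90-day review threshold and the reporting date are assumptions. Note that a leaver whose access is still live is counted up to the reporting date rather than dropped, so a forgotten account worsens the metric instead of hiding from it.

```python
from datetime import date

TODAY = date(2015, 4, 1)  # reporting date for the constructed snapshot
# Constructed sample data, not from BITSight or the article: one record per
# employee from HR/IAM and one per supplier from the vendor register.
EMPLOYEES = [
    {"id": "alice", "super_user": True,  "departure_notified": None,
     "access_removed": None, "last_access_review": date(2015, 1, 10)},
    {"id": "bob",   "super_user": False, "departure_notified": date(2015, 3, 2),
     "access_removed": date(2015, 3, 3), "last_access_review": date(2015, 2, 15)},
    {"id": "carol", "super_user": True,  "departure_notified": date(2015, 3, 10),
     "access_removed": None, "last_access_review": date(2014, 10, 1)},
    {"id": "dave",  "super_user": False, "departure_notified": None,
     "access_removed": None, "last_access_review": date(2015, 3, 20)},
    {"id": "erin",  "super_user": False, "departure_notified": date(2015, 2, 20),
     "access_removed": date(2015, 2, 27), "last_access_review": date(2015, 3, 1)},
]
VENDORS = [
    {"name": "v1", "critical": True,  "continuously_monitored": True},
    {"name": "v2", "critical": True,  "continuously_monitored": False},
    {"name": "v3", "critical": False, "continuously_monitored": False},
    {"name": "v4", "critical": True,  "continuously_monitored": True},
]

def super_user_share(employees):
    """Percentage of employees holding 'super user' access."""
    if not employees:
        return 0.0
    return 100.0 * sum(e["super_user"] for e in employees) / len(employees)

def avg_deprovisioning_days(employees, today=TODAY):
    """Average days between departure notification and removal of access.
    A leaver whose access is still live counts up to `today`, so lingering
    accounts push the metric up instead of being silently excluded."""
    lags = [((e["access_removed"] or today) - e["departure_notified"]).days
            for e in employees if e["departure_notified"] is not None]
    return sum(lags) / len(lags) if lags else 0.0

def overdue_access_reviews(employees, today=TODAY, max_age_days=90):
    """Employees whose access was last reassessed more than max_age_days ago."""
    return [e["id"] for e in employees
            if (today - e["last_access_review"]).days > max_age_days]

def monitored_critical_vendor_share(vendors):
    """Percentage of critical vendors under continuous cybersecurity monitoring."""
    critical = [v for v in vendors if v["critical"]]
    if not critical:
        return 0.0
    return 100.0 * sum(v["continuously_monitored"] for v in critical) / len(critical)
```

On the constructed data this reports 40% super users, an average of 10 days to remove a leaver's access, one overdue access review and two of three critical vendors monitored.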

Operating a cybersecurity management programme

To operate a cost-effective, practical cybersecurity programme for themselves and their vendors, companies need to:

  1. live by the motto that, as BITSight put it, “There is no guaranteed security, only less risk.”
  2. accept that cybersecurity risks need to be monitored and managed in both your organisation AND your vendors
  3. continuously monitor and manage these 12 cybersecurity metrics (in real time if possible).

———

* Often attributed incorrectly to W. Edwards Deming, the management consultant who was “the high prophet of quality” according to the New York Times.

** This post is based on BITSight’s ‘Guide to 12 cybersecurity metrics your vendors (and you) should be watching’.

CTMfile take: This may sound ‘over the top’, but a major cyber hack could be catastrophic for your company; just ask T-Mobile or CIA Director John Brennan, who were hacked in 2015, how they found the experience.
