Data analytics for proactive risk management

  • techUK techUK
    Thursday28May 2020
    Opinions

    Guest blog: Cristina Jerney, Marketing and Communications Executive, CyNation highlights how data analytics can be used for proactive risk management.

Digital transformation has completely revolutionised business, attempting to streamline everything from working to supply chain to data storage. These innovations are key to increased efficiency, profitability and success – if they are applied with an organisation’s cybersecurity posture in mind.

Most organisations are now incredibly dependent on their third parties, such as suppliers and IT vendors. In addition to this, suppliers and vendors often rely on their own third parties, creating a far-reaching ecosystem that may seem too large to properly monitor. However, as third parties often have access to an organisation’s assets, it is crucial to understand the scope of the ecosystem and the inherent risks associated. An attacker only needs to breach the weakest link in the ecosystem to access sensitive data. Therefore, while the benefits of digital transformation are undeniable, businesses are more vulnerable than ever to a variety of cybersecurity, compliance and business risks.

As such, these risks should be managed to ensure operational resilience and business continuity. This process must begin with the collection of accurate, up-to-date and relevant information on potential threats and common risks within an organisation’s digital ecosystem. A variety of data categories from multiple sources should be considered to give a comprehensive picture of vulnerabilities. These categories include, but are not limited to, endpoint security, regulatory compliance, financial risk and news and reputation. Note that these are not strictly cybersecurity categories; however, knowing from the news that a third-party has been breached can go a long way to ensuring the breach does not spread to your organisation.

Gathering information from various sources is also valuable, as risk indicators that appear from more than one source can be more easily verified. Sources for these data categories can include open-source intelligence, non-intrusive vulnerability scans, vendor self-assessments and enterprise data streams.

After key threat intelligence has been identified, organisations must put the data to work by analysing the data to come to actionable conclusions. This work can be done by a team of risk analysts, an integrated risk management platform or a combination of the two. With the advances in AI and machine learning, some integrated risk management platforms offer automatic classification and analysis, revealing connections that may not have been immediately obvious. Ideally, the analysis will highlight not only the cybersecurity threats but also the business implications – noting a vulnerability is useful, but more crucial is preventing its potential negative impacts on your organisation. This analysis should then guide any mitigation actions and directly influence the overall risk management strategy.

Risk data collection and analysis should be a continuous process, as brief, periodic snapshots of risk indicators will quickly become outdated and useless. Common risk indicators can then be classified and dealt with routinely, while larger risks can be proactively managed. This is the next critical step in digital transformation – understanding your organisation’s attack surface and potential risks will prevent substantial breaches, costly fines and a damaged reputation.

As digital transformation continues, there are some risks that can no longer be ignored. Risk data analysis can help your organisation be more secure and compliant, ensuring business continuity.

To read more from techUK's Data Analytics week, visit our landing page by visiting here!

  • Katherine Mayes

    Katherine Mayes

    Programme Manager | Cloud, Data, Analytics and AI
    T 020 7331 2019

Share this

FROM SOCIAL MEDIA

techUK has written to @CommonsFREU on why a UK-EU FTA and positive adequacy decision is vital for the UK tech secto… https://t.co/J30rv2AmZj
A deal with the EU along with investing in skills and the UK's digital transformation are vital to our economic rec… https://t.co/iToOuFfecc
Calling for big ideas! Festival UK* 2022 is now open for a unique £3m funded R&D opportunity, investing in the crea… https://t.co/LjlygntGr5
On Monday, join the techUK Accessible Tech Group at BEEqual's collaborative event during #NationalInclusionWeek wit… https://t.co/f7peMjGr7C
Become a Member
×

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...