Data analytics for proactive risk management

  • techUK techUK
    Thursday28May 2020
    Opinions

    Guest blog: Cristina Jerney, Marketing and Communications Executive, CyNation highlights how data analytics can be used for proactive risk management.

Digital transformation has completely revolutionised business, attempting to streamline everything from working to supply chain to data storage. These innovations are key to increased efficiency, profitability and success – if they are applied with an organisation’s cybersecurity posture in mind.

Most organisations are now incredibly dependent on their third parties, such as suppliers and IT vendors. In addition to this, suppliers and vendors often rely on their own third parties, creating a far-reaching ecosystem that may seem too large to properly monitor. However, as third parties often have access to an organisation’s assets, it is crucial to understand the scope of the ecosystem and the inherent risks associated. An attacker only needs to breach the weakest link in the ecosystem to access sensitive data. Therefore, while the benefits of digital transformation are undeniable, businesses are more vulnerable than ever to a variety of cybersecurity, compliance and business risks.

As such, these risks should be managed to ensure operational resilience and business continuity. This process must begin with the collection of accurate, up-to-date and relevant information on potential threats and common risks within an organisation’s digital ecosystem. A variety of data categories from multiple sources should be considered to give a comprehensive picture of vulnerabilities. These categories include, but are not limited to, endpoint security, regulatory compliance, financial risk and news and reputation. Note that these are not strictly cybersecurity categories; however, knowing from the news that a third-party has been breached can go a long way to ensuring the breach does not spread to your organisation.

Gathering information from various sources is also valuable, as risk indicators that appear from more than one source can be more easily verified. Sources for these data categories can include open-source intelligence, non-intrusive vulnerability scans, vendor self-assessments and enterprise data streams.

After key threat intelligence has been identified, organisations must put the data to work by analysing the data to come to actionable conclusions. This work can be done by a team of risk analysts, an integrated risk management platform or a combination of the two. With the advances in AI and machine learning, some integrated risk management platforms offer automatic classification and analysis, revealing connections that may not have been immediately obvious. Ideally, the analysis will highlight not only the cybersecurity threats but also the business implications – noting a vulnerability is useful, but more crucial is preventing its potential negative impacts on your organisation. This analysis should then guide any mitigation actions and directly influence the overall risk management strategy.

Risk data collection and analysis should be a continuous process, as brief, periodic snapshots of risk indicators will quickly become outdated and useless. Common risk indicators can then be classified and dealt with routinely, while larger risks can be proactively managed. This is the next critical step in digital transformation – understanding your organisation’s attack surface and potential risks will prevent substantial breaches, costly fines and a damaged reputation.

As digital transformation continues, there are some risks that can no longer be ignored. Risk data analysis can help your organisation be more secure and compliant, ensuring business continuity.

To read more from techUK's Data Analytics week, visit our landing page by visiting here!

  • Katherine Mayes

    Katherine Mayes

    Programme Manager | Cloud, Data, Analytics and AI
    T 020 7331 2019

Share this

FROM SOCIAL MEDIA

A thank you letter from @NHSX and @tara_donnelly1 to all the industry partners that have helped sustain and protect… https://t.co/1eoIZWCHaU
techUK is delighted to share an early insider's glimpse of @educationgovuk ambitious new programme to provide lapto… https://t.co/zrZezoVKUw
.@MicrosoftUK has committed to help 25 million people who have lost their job due to #COVID19 to reskill for roles… https://t.co/OMbuxDTGcS
ICYMI @MeVitae discussed how to ensure the hiring process is free of prejudice & latent bias with new technologies… https://t.co/PkINRjxvBK
Fewer frameworks and more ministerial muscle – how government can make good on its SME agenda - techUK's Head of Pu… https://t.co/YwATVtAIGT
We have an exciting line-up of speakers who will be sharing their insights on customer innovation and Open Banking… https://t.co/IUpE3DKMCd
Last chance to register for our Monday event on how AI can help us adapt to climate change. Awesome panel with our… https://t.co/gmPF7VyvE9
Become a Member
×

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...