Cyber Risk Indicators is an analytical service provided by Swascan to raise awareness of, and provide an overview of, the cyber security state of various Italian industries.
The Cyber Risk Indicators service determines and measures the potential cyber risk of the industry sector under analysis.
The analysis considers 20 organizations from the top 100 by turnover in the product market under analysis, and covers the 30 days prior to the publication of the analysis.
For each selected organization, Domain Threat Intelligence (DTI) is performed using the Swascan Cyber Security Platform.
Cyber Risk Indicators: Threat Intelligence
Swascan’s Threat Intelligence services are:
Domain Threat Intelligence: Domain Threat Intelligence searches for public and semi-public information about domain and subdomain vulnerabilities and compromised emails. The service does not perform any tests on the target; it operates only on information available on the web, dark web and deep web. It collects, analyzes and clusters the information available through OSINT (Open Source Intelligence) and CLOSINT (Closed Source Intelligence) in databases, forums, chats and newsgroups. Specifically, based on the target domain under analysis, it identifies:
- Potential Vulnerabilities
- Vulnerability details in terms of CVE, impacts and severity
- GDPR Impacts (CIA)
- Number of Subdomains
- Number of Potentially Compromised Emails (only counted, not collected or processed)
- Number of Compromised Email Sources
Cyber Threat Intelligence: This is Swascan’s advanced Threat Intelligence service. It researches, analyzes and collects information available on the web, dark web and deep web that relates to the domain/target under analysis. Specifically:
- Data Leaks: credentials/source/data
- Identifies ….Forum/Chat/…
- Botnets related to Customer, Supplier and Employee devices
- Botnets with credentials and related login page urls
- Attack Surface
- Top Manager Analysis
Early Warning Threat Intelligence: This is the early warning service that reports daily on the evidence identified and collected on the dark web and deep web regarding the target under analysis. Specifically:
- Data Leaks
- Scraping data
- Phishing data
The Cyber Risk Indicators are determined on the basis of the evidence identified through Domain Threat Intelligence. The service is applied to the 20 sample organizations of the industry under analysis and identifies, for each organization:
- Technological Risk
- Compliance Risk
- Social Engineering Risk
The Cyber Risk Indicators of an industry are determined by averaging the indicators.
Technology Risk Indicator
The DTI service extracts information about known potential technological vulnerabilities from OSINT and CLOSINT sources. Each is identified by a CVE (Common Vulnerabilities and Exposures) identifier and classified as high, medium or low severity according to its CVSS (Common Vulnerability Scoring System) score.
The Technology Risk Indicator is determined by the average number of potential vulnerabilities affecting the sample of organizations within the analyzed industry, followed by the percentage trend compared to the previous month.
The percentage of the industry’s vulnerabilities at each severity level is also given, followed by the percentage trend compared to the previous month.
Potential vulnerabilities identified primarily refer to:
- Out-of-date systems
- Unpatched systems
- Vulnerable Remote Desktop Protocol systems
The Technology Risk Indicator determines the exposure to the risk of a cyber attack that exploits technology vulnerabilities.
Compliance Risk Indicator
The potential vulnerabilities identified by the DTI service are associated with the corresponding CVE (Common Vulnerabilities and Exposures) and divided into high, medium and low severity on the basis of the CVSSv2 (Common Vulnerability Scoring System) score. The vector string of each CVE indicates the potential impacts in terms of Confidentiality, Integrity and Availability of the data.
The Compliance Risk section reports the average impact percentage of the vulnerabilities on the CIA triad (Confidentiality, Integrity and Availability), broken down by individual CIA component and by severity level.
The indicator determines the potential level of:
- Compliance in terms of GDPR
- Agid Compliance for Public Administration
- ISO27001 Requirement
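As an added illustration (not Swascan's code or scoring method), the following Python example shows one way the per-severity CIA breakdown described in this section could be derived from CVSSv2 vector strings, computing each base score with the CVSS v2.0 specification equations. The sample vectors are constructed, and counting a finding as impacting a component whenever its C, I or A metric is not `N` is an assumption about how the percentage is defined.

```python
# Added example: CVSSv2 vector -> severity band -> share of findings touching C, I, A.
from collections import defaultdict

# CVSSv2 base metric weights, from the CVSS v2.0 specification.
W = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}

def parse_vector(vector):
    """Split 'AV:N/AC:L/Au:N/C:P/I:P/A:P' into a dict; reject malformed input."""
    metrics = dict(p.split(":", 1) for p in vector.strip().split("/") if ":" in p)
    for name, allowed in W.items():
        if metrics.get(name) not in allowed:
            raise ValueError(f"bad or missing {name} in {vector!r}")
    return metrics

def base_score(m):
    """CVSSv2 base score from parsed metrics."""
    impact = 10.41 * (1 - (1 - W["C"][m["C"]]) * (1 - W["I"][m["I"]]) * (1 - W["A"][m["A"]]))
    exploitability = 20 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * W["Au"][m["Au"]]
    f = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f, 1)

def severity(score):
    """CVSSv2 bands: low 0.0-3.9, medium 4.0-6.9, high 7.0-10.0."""
    return "high" if score >= 7.0 else "medium" if score >= 4.0 else "low"

def cia_impact_by_severity(vectors):
    """Per severity band, percentage of findings with a non-None C, I or A impact."""
    counts = defaultdict(lambda: {"n": 0, "C": 0, "I": 0, "A": 0})
    for v in vectors:
        m = parse_vector(v)
        bucket = counts[severity(base_score(m))]
        bucket["n"] += 1
        for comp in "CIA":
            bucket[comp] += int(m[comp] != "N")
    return {s: {c: round(100 * b[c] / b["n"], 1) for c in "CIA"} for s, b in counts.items()}

# Constructed sample vectors (not taken from any real assessment).
SAMPLE_VECTORS = [
    "AV:N/AC:L/Au:N/C:P/I:P/A:P", "AV:N/AC:L/Au:N/C:C/I:C/A:C", "AV:N/AC:L/Au:N/C:N/I:N/A:C",
    "AV:N/AC:M/Au:N/C:N/I:P/A:N", "AV:N/AC:L/Au:N/C:P/I:N/A:N", "AV:L/AC:L/Au:N/C:P/I:N/A:N",
]

if __name__ == "__main__":
    for band, pct in cia_impact_by_severity(SAMPLE_VECTORS).items():
        print(band, pct)
```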
Social Engineering Risk Indicator
The Domain Threat Intelligence performed on the sample of organizations allows for counting (not collecting or processing):
- The number of compromised emails
- The number of data breaches with compromised credentials
It should be noted that the compromised emails are corporate email addresses that employees have used to register with third-party sites and services that have suffered a data breach over the years, making the related credentials available in public and semi-public sources.
The Social Engineering Risk Indicator shows the human risk of the product sector and the percentage trend compared to the previous month.
Specifically, the Social Engineering Risk Indicator identifies risks related to:
- Spear Phishing
- Business Email Compromise
- Credential Stuffing
- Credential Take Over
In addition, because it reflects employees’ improper use of business email addresses for non-work purposes, it identifies a critical issue for the organization.