
Data-driven cyber risk assessment can bolster business continuity

By Daniel Rosenberg
December 24, 2020

Business continuity strategies were put to the test when millions of organizations across the world were suddenly forced to take their workforce to a fully remote environment in response to the COVID-19 pandemic. While many businesses have successfully adapted to these changes and sustained productivity, the remote work environment comes with increased cybersecurity risks.

While working remotely, many employees are using personal devices to conduct company business, are logging onto critical systems using vulnerable networks, and may not have installed critical security patches onto their devices. The technologies that make it easier for employees to collaborate and work efficiently also create new access points for would-be attackers.

The “new normal” requires a longer-term strategy that balances company objectives and greater cybersecurity risks to survive and thrive in uncertainty. Integrating a data-driven information security program has countless benefits for any business. Organizations can employ data analytics and visualization to inform their decisions and mitigate risks. Furthermore, security leaders can leverage this approach to communicate with executives and other key stakeholders.

Start with a detailed cybersecurity risk assessment

As organizations strive to execute their mission-critical strategies and manage uncertainty, they must also assess risks derived from increasing cybersecurity threats and mind compliance requirements.

The 2020 Verizon Data Breach Report indicates that misconfiguration errors are now more common than malware attacks – largely due to the increasing volume of internet-exposed storage, or cloud storage. Your company may have realized that employees were not as productive working remotely and decided to migrate file servers or applications to a cloud environment. Deploying to the cloud may improve efficiency in the short term, but the risks of misconfiguration can be substantial. Companies of all sizes need to establish the right controls to determine the risk of cloud servers being misconfigured and becoming vulnerabilities.

The cybersecurity risk assessment process requires companies to take inventory of their IT assets, incorporating their criticality and sensitivity to the organization. The assessment should detail the likelihood of a threat actor exploiting a vulnerability against a particular asset, and the potential impact of the incident on the organization.

Given the dispersed nature of the workforce because of the COVID-19 pandemic, it is more important than ever for the risk assessment process to be informed by actionable data.

A risk assessment informed by well-defined key performance and risk indicators can be used to communicate the value proposition of cybersecurity to stakeholders and decision-makers. Security leaders can use business intelligence (BI) dashboards, data visualizations, and risk assessments as communication tools with management, linking decisions to strategic objectives, identifying trends, and measuring outcomes. BI tools are specifically designed to prepare, analyze and generate interactive visuals that can help communicate the value of a project and identify areas for further analysis, including potential risks and opportunities.

Organize data – visual results are easier to communicate

A well-designed information security program, informed by data, should integrate into the risk assessment process and overall business strategy.

In a remote working environment, a great deal of detail and complexity goes into gathering the data that flows through organizations via employee home Wi-Fi connections, personal devices, and the internet of things (IoT). Too often, an organization’s IT security leader (CSO or CISO) is presented with either too much or too little data, which makes it challenging to identify useful insights.

Cybersecurity professionals need to consolidate and manage IT-related data to gain analytical insight more easily, improve security and performance, and communicate the impact of key metrics to management. If company leaders do not fully understand why cybersecurity measures are important to the business, it will be difficult to secure the buy-in necessary to obtain funding for cybersecurity initiatives, which could expose the business to significant risk.

Companies can use specialized software to compile information from various sources and generate data visualizations, making it easier to aggregate and analyze data sets. Data visualizations such as histograms, line charts, pie charts, scatter graphs and performance gauges, among others, are designed to capture the readers’ attention, trigger an action when important trends are identified, and measure whether goals are achieved. These BI tools can help management identify opportunities for improvement.

Using visuals designed to identify and clearly highlight specific risk scenarios, CISOs and CSOs can empower management to understand the benefits of implementing a particular technology solution, weighed against any relevant risks.

Is your business exposed?

Many CISOs would have a major cause for concern if a penetration test uncovered the following:

  • Significant number of high-risk network vulnerabilities. These may derive from a large number of remote employees connecting to the company network via unsecured Wi-Fi connections.
  • Critical security patches have not been installed on employee laptops for more than six months. When employees use personal devices to conduct business, the organization has no oversight of those devices’ setup, which may not include proper encryption or the latest version of an operating system.
  • Antivirus definitions are not configured to automatically update. Employee laptops that have out-of-date antivirus definitions may be vulnerable to known malware attacks, which could go undetected and may be exploited by an attacker.
  • Spike in the number of new privileged accounts. An attacker who has gained access to a vulnerable endpoint using a misconfiguration error might find other vulnerabilities that are only accessible from inside the network. The attacker may use the vulnerability to elevate their permissions and create privileged accounts designed to discreetly exfiltrate company data.
  • Critical systems that do not require multi-factor authentication for access. User accounts should be protected using multi-factor authentication throughout the organization, especially on those accounts that provide access to critical applications with customer data. Attackers could use stolen credentials to gain access to user accounts.
  • Poor phishing testing results. When was the last time you phished your own employees? Their performance on a phishing risk assessment can provide useful insight to determine whether additional training should be offered, or if it’s time to invest in additional security measures.

A properly implemented cybersecurity dashboard could reveal trends in the data, providing security leaders with a clear, objective way to evaluate relevant risks on a regular basis. This dashboard can also make it easier for CSOs and CISOs to communicate results to business leaders and recommend where to focus the organization’s resources and budget.

Impact is everything – data-driven decisions save time and money

Utilizing cybersecurity best practices and frameworks as a guide, IT leaders can structure their information security program to measure and track a variety of metrics. These metrics may include a mix of operational and cybersecurity statistics, comprising a data strategy that can be integrated into the business to inform the risk assessment process.

By gaining an understanding of the key performance indicators (KPIs) and key risk indicators (KRIs) affecting cybersecurity, an organization can quantify how an information security program is performing and gain actionable insight into threats and vulnerabilities.

Companies are increasingly reliant on third parties to provide contracted labor, cloud services, software as a service (SaaS) platforms, and artificial intelligence (AI) solutions. While these services may provide benefits to allow the organization to operate remotely and focus on its core business, they could potentially increase or introduce new risks.

For example, a chatbot provider with access to more data or more permission than it requires might make serious mistakes, which can result in an embarrassing situation for the company. Microsoft’s chatbot reportedly “made a racist error while aggregating another outlet's reporting, got called out for doing so, and then elevated the coverage of its own outing.”

Security professionals need to be able to communicate the ultimate business value of cybersecurity solutions using tangible data. Tracking performance metrics, such as the average time to deploy patches, percentage of systems with outdated antivirus definitions, and the number of emergency changes, can help provide insight into why an organization should invest in cybersecurity measures and which measures should be prioritized.
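As an added illustration (not part of the original article), the sketch below turns the warning signs listed under “Is your business exposed?” and the metrics named above into numbers a dashboard could plot. The inventory records, field names, the 183-day reading of “six months” and the spike factor of 2 are all assumptions made for the example.

```python
from datetime import date
from statistics import mean

# Constructed sample data; hosts, fields and values are hypothetical.
AS_OF = date(2020, 12, 24)
ENDPOINTS = [
    {"host": "lt-001", "critical": False, "last_patch": date(2020, 12, 1),
     "av_auto_update": True, "mfa": True},
    {"host": "lt-002", "critical": False, "last_patch": date(2020, 5, 2),
     "av_auto_update": False, "mfa": True},
    {"host": "lt-003", "critical": False, "last_patch": date(2020, 3, 15),
     "av_auto_update": False, "mfa": True},
    {"host": "srv-crm", "critical": True, "last_patch": date(2020, 11, 20),
     "av_auto_update": True, "mfa": False},
    {"host": "srv-pay", "critical": True, "last_patch": date(2020, 12, 10),
     "av_auto_update": True, "mfa": True},
]
# (patch released, patch deployed) pairs, constructed.
PATCHES = [(date(2020, 11, 10), date(2020, 11, 17)),
           (date(2020, 10, 13), date(2020, 11, 2)),
           (date(2020, 12, 8), date(2020, 12, 11))]
# New privileged accounts per week, oldest first, constructed.
NEW_PRIV_ACCOUNTS = [2, 1, 3, 2, 9]


def pct(items, predicate):
    """Percentage of items matching predicate; 0.0 for an empty population."""
    if not items:
        return 0.0
    return round(100 * sum(1 for i in items if predicate(i)) / len(items), 1)


def kri_report(endpoints, patches, priv_weekly, as_of,
               stale_days=183, spike_factor=2.0):
    """Compute the indicators; stale_days and spike_factor are assumed thresholds."""
    critical = [e for e in endpoints if e["critical"]]
    baseline = mean(priv_weekly[:-1])  # average of all weeks before the latest
    return {
        # Endpoints with no security patch installed for more than six months.
        "pct_unpatched_6mo": pct(
            endpoints, lambda e: (as_of - e["last_patch"]).days > stale_days),
        # Endpoints whose antivirus definitions do not update automatically.
        "pct_av_not_auto": pct(endpoints, lambda e: not e["av_auto_update"]),
        # Critical systems reachable without multi-factor authentication.
        "pct_critical_no_mfa": pct(critical, lambda e: not e["mfa"]),
        # Average time to deploy patches, in days.
        "avg_days_to_patch": round(mean((d - r).days for r, d in patches), 1),
        # Latest week well above the earlier weekly average counts as a spike.
        "priv_account_spike": priv_weekly[-1] > spike_factor * baseline,
    }
```

Running `kri_report` on each reporting cycle and storing the results gives the trend lines a BI tool needs; a single snapshot shows only the current state.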

Believe in the process – digital transformation requires commitment

A well-implemented and designed cybersecurity data strategy requires a detailed process. Good decisions come from learning and a commitment to refine the decision-making process.

As global digital transformation progresses and remote work becomes the norm for more businesses, tools that were previously out of reach for many organizations have now become increasingly accessible and viable.

CSOs and CISOs who are developing a strategy for the “new normal” should balance overall business objectives with the need to mitigate increasing cybersecurity risks. A data-driven approach that aligns with information security can enable organizations to employ powerful data analytics and visualizations to inform their decisions, guide the implementation of systems and processes, and help them mitigate risks.

Security leaders can use advanced BI tools to aggregate data from a vast array of sources, linking key metrics to business goals and solidifying the partnership between the organization and its IT stakeholders.

Securing support for security initiatives is crucial at a time when threats are more persistent than ever, and remote working environments have introduced new risks and vulnerabilities.

KEYWORDS: coronavirus COVID-19 cyber security cybersecurity analysis cybersecurity defense cybersecurity readiness cybersecurity training remote work remote workforce risk analysis risk management


Daniel Rosenberg is Kaufman Rossin’s Supervisor of Cybersecurity & Compliance Services.
