Cybersecurity Risk Assessment

Posted March 1, 2022

There is no escaping the reality that we live in a world of geopolitical tensions and increasing threats from cyberattacks. Just last week the FBI issued a Liason Information Report (LIR) warning of a deteriorating security situation in Eastern Europe and the threat it imposes on the private sector in the U.S.

“The FBI Cyber Division, in coordination with the FBI’s Office of Private Sector (OPS), prepared this LIR to inform the private sector about the threat of Russian state-sponsored advanced persistent threat (APT) cyber activities, while tensions with Russia are heightened,”

The FBI report said such Russian APT actors “have used spear-phishing and brute force cyber network attacks (CNA), while exploiting known vulnerabilities against accounts and networks with weak security.” And as WatchGuard reports, zero-day attacks are increasing and now comprise over 67% of all attacks.

We know corporate networks are under increasing threat of zero-day, APT, and phishing attacks. The good news is we also know what to do about it. These times of heightened awareness are the perfect time to assess your organizations cybersecurity risk profile. And assessing your risk scenarios before an attack happens can greatly enhance deployments by adding clearly collected facts and analysis to response decisions.

A cybersecurity risk assessment is a process of identifying, estimating, and prioritizing information security risks. The risk assessment covers everything from policies, processes, employee training, and technologies used to protect an organization’s users and data. Cybersecurity risk assessments often leverage third-party cybersecurity frameworks, compliance, or regulatory standards to compare an organization’s security controls and posture against time-tested industry standards and best practices. The assessment serves as the launching point for an organization to better understand its current state of security and areas for improvement.

In creating your risk assessment, you will want to consider these common business use cases.

On-site: Are your employees accessing company data and platforms from the office?
Remote home office: Do you have a lot of employees working from home?
Remote coffee shop, shared office: Do you expect your remote employees to access company networks from locations such as coffee shops?
Traveling users: Do you have employees who travel and may access work platforms while on the go?
Vertical: Is the service your company offers associated with specific business hours? For example, healthcare offices
Third-party providers: Do you provide corporate network access to contractors or third-party providers?
Device: Do you expect employees to access work information using their own devices?

Cybersecurity risk assessments involve three essential elements: a network assessment, a security assessment, and a vulnerability assessment.

Elements of cybersecurity risk assessment

As part of your risk assessment, you will want to better understand your digital assets and resources. Visibility in these areas can lead to risk mitigation outcomes such as micro-segmentation and a zero-trust environment.

Example micro-segmentation template courtesy WatchGuard

The results of the risk assessment and network segmentation can then lead to informed risk-based authentication which can improve security and usability.

Example Risk Assessment Outcomes

If you are ready to better understand your organization’s current state of security and create a plan to mitigate risk and maintain business continuity in the face of any disruption, contact us. We have the tools and expertise to help.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.