Updated: Apr 14, 2021
Cyber attacks are widely perceived as the global risk of highest concern to business
leaders in advanced economies. Exposure to cyber risks continues to grow exponentially
as firms become more dependent on technology and adopt artificial intelligence to aid
and ease business processes. This digital transformation, seen in increasing
globalization and distributed workforces, links an interconnected web of employees,
customers, and third-party vendors to the enterprise network, and all of these represent
potential areas of compromise.
What are these cyber risks we speak of?
Cybersecurity risk is the likelihood of harm or loss caused by cyber attacks and data
breaches and, according to a 2019 Global Risk Perception Survey, is the fastest-growing
enterprise risk today. Deloitte’s 2019 Future of Cyber Survey found the qualitative and
quantitative impact of cyber risk to be as shown in the image below:
The most effective cyber risk management strategy must involve, first and most importantly,
understanding the organization’s security posture. An organization’s security posture is
basically how resilient it is to cyber threats and attacks. It shows:
a. Security status of software and hardware assets, networks, services, and
b. Controls and measures that are in place to protect from cyber-attacks.
c. Ability to manage defenses.
d. Readiness and ability to react to and recover from security events.
Determining [cyber] security posture is a thorough process that takes three (3) key steps:
getting an accurate IT asset inventory, mapping the attack surface, and understanding the
cyber risk involved.
Source: Balbix’s Definitive Guide to Security Posture
Some [software] tool categories that are best suited for this purpose (and take into
account the blind spots) are briefly discussed below, with examples:
a. STEGANOGRAPHY TOOLS (Xiao Steganography): For encoding and
decoding digital media files.
b. CONFIGURATION COMPLIANCE SCANNERS (SolarWinds Network
Configuration Manager – NCM): For ensuring all computer and server settings are
configured as they should be.