Updated: Apr 14, 2021
Cyber attacks are widely perceived as the global risk of highest concern to business
leaders in advanced economies. Exposure to cyber risks continues to grow exponentially
as firms become more dependent on technology and adopt artificial intelligence to aid
and ease business processes. This digital transformation is visible in increasing
globalization and distributed workforces: an interconnected web of employees,
customers, and third-party vendors is linked to the enterprise network, and each of
these represents a potential area of compromise.
What are these cyber risks we speak of?
Cybersecurity risk is the likelihood of harm or loss caused by cyber attacks and data
breaches and, according to a 2019 Global Risk Perception Survey, the fastest growing
enterprise risk today. Deloitte’s 2019 Future of Cyber Survey found the qualitative and
quantitative impact of cyber risk to be as shown in the image below:
The most effective cyber risk management strategy must involve, first and most importantly,
understanding the organization’s security posture. An organization’s security posture is
basically how resilient it is to cyber threats and attacks. It shows:
a. Security status of software and hardware assets, networks, services, and
b. Controls and measures that are in place to protect from cyber-attacks.
c. Ability to manage defenses.
d. Readiness and ability to react to and recover from security events.
Determining [cyber] security posture is a thorough process that takes three (3) key steps:
getting an accurate IT asset inventory, mapping the attack surface, and understanding the
cyber risk involved.
Source: Balbix’s Definitive Guide to Security Posture
Some [software] tool categories that are best suited for this purpose (and take into
account the blind spots) are briefly discussed below, with examples:
a. STEGANOGRAPHY TOOLS (Xiao Steganography): For encoding and
decoding digital media files.
b. CONFIGURATION COMPLIANCE SCANNERS (SolarWinds Network
Configuration Manager – NCM): For ensuring all computer and server settings are
properly configured as they should be.
c. WIRELESS CRACKERS (Fern Wi-Fi Cracker): For cracking and recovering
WEP/WPA and WPS keys.
d. PROTOCOL ANALYZERS (Wireshark): For capturing all traffic going through a
e. NETWORK MAPPERS (SolarWinds Network Performance Monitor - NPM):
For showing all the devices on a network, alongside their operating systems and all
services running on them.
f. NETWORK SCANNERS (Acunetix): For mapping out a network in a way that
shows all network devices, performance data and packet loss.
g. PASSWORD CRACKERS (John The Ripper): For performing the most common
Dictionary, Rainbow Table and Brute Force attacks.
h. VULNERABILITY SCANNERS (Microsoft Baseline Analyzer): For scanning
hosts to find missing patches (known as non-credentialed scanners) and auditing
files and permissions to find vulnerabilities (credentialed scanners).
i. ROGUE SYSTEM DETECTION TOOLS (McAfee Rogue System Detection): For
detecting rogue and unmanaged devices and helping you protect your network.
j. EXPLOITATION FRAMEWORKS (Metasploit): For developing and executing
exploit code against a remote target computer. Can also be used to harden IT
systems before they are attacked.