Business cyber risks rates are holding steady for US companies, according to the US Chamber of Commerce and FICO. Here's how to stay safe.
Cybersecurity risk faced by US businesses held steady in Q1 2019, according to a recent report from the US Chamber of Commerce and FICO.
The quarterly Assessment of Business Cyber (ABC) Risk, based on scoring nearly 2,400 US companies using the FICO Cyber Risk Score, was 687—unchanged quarter over quarter. The ABC indicates the probability of an organization suffering a data breach in the next year, and, like a FICO credit score, ranges from 300 to 850. The higher the score, the lower the likelihood of experiencing a breach.
SEE: Essential reading for IT leaders: 10 books on cybersecurity (free PDF) (TechRepublic)
For small businesses, scores dropping slightly, from 740 to 737, while large firms' scores rose slightly, from 646 to 643.
"The disparity in risk scores between small and large organizations is due to the fact that large firms have a wider attack surface and are more frequently the target of cybercriminals," Doug Clare, vice president for cybersecurity solutions at FICO, said in a press release.
Businesses should note that different industries carry different levels of risk, even outside of the control of individual firms, Clare said in the release. For example, unsurprisingly, banks are a high target, with more valuable data.
Tips to improve cybersecurity
Managing cybersecurity risk involves managing behavioral risks, skills gaps, and technical flaws, the report noted. The US Chamber of Commerce and FICO offered the following recommendations to help businesses stay safe:
1. Use the National Institute of Standards and Technology (NIST) Cybersecurity Framework to develop an information security program. The framework enables organizations—regardless of their size, risk profile, or cyber sophistication—to develop a cybersecurity plan or improve an existing one.
2. Develop a reliable understanding of one's network. This includes identifying assets to apply security management based on risk.
3. Identify functions and teams whose process and policy maturity are not performing adequately. This will enable organizations to identify weak links in technology, personnel, policy, and leadership.
4. Oversee an organization's network team to confirm alignment to the details of network management policies. Avoid unnecessarily exposing network infrastructure assets and ensure correct configuration for those that must be exposed.
5. Protect and monitor network endpoints. Organizations that monitor endpoints are able to provide an early warning of potential problems.
6. Develop a process to confirm that active certificate management programs are in place and are being implemented.
"When we launched the ABC in October 2018, it was a wake-up call to many businesses across the country," Christopher D. Roberti, senior vice president for cyber, intelligence, and security policy at the US Chamber of Commerce, said in the release. "Our focus this quarter is to help businesses understand how to improve their cyber posture. It is important to emphasize that a lower score—whether for a company or a sector—does not necessarily imply that insufficient diligence is being applied by those entities. Such entities may simply have a higher risk profile (i.e., they face greater risk of breach) due to the nature of their businesses."
For more tips on how to improve your business's cybersecurity posture, check out this TechRepublic article.
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Phishing attacks: A guide for IT pros (TechRepublic download)
- Information security policy template download (Tech Pro Research)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)