Information technology risk management helps minimize risks associated with data loss and security breaches.
In business environments, risk intelligence is vital for decision-makers. Business, after all, is a risky endeavor. Product demand is unstable. Competition is unpredictable. And unforeseen disasters seem to loom around every corner.
The same applies to network security. MSPs go head to head with a formidable amount of risk as they work to protect their networks against security threats, from phishing to malware to brute-force breaches.
But what is risk intelligence? And what does it mean for MSPs?
Information and Action
David Apgar, who serves as executive director of the Corporate Executive Board, a global technology firm, offers a succinct definition of risk intelligence. According to Apgar, it describes one’s ability to assess threats in comparison to competitors. Risk intelligence not only relies on one’s informational advantages, Apgar adds; it has to do with how one applies these advantages.
Found a vulnerable application in a mail server? Risk intelligence begins with the uncovering of that vulnerability. But it also involves acting on the knowledge and patching the application.
In a business environment, risk intelligence isn’t just about averting risk. Rick Funston, a pioneer in risk intelligence, notes that complete risk aversion can be a problem itself. Risks can create value, he notes.
Take, for example, e-commerce. This type of business entails a substantial risk — managing large sets of personally identifiable information. Yet e-commerce also offers the potential for major business growth. Risk is a key ingredient of growth, as much as risk itself needs to be managed.
Understanding Risk
The problem is that many people don’t know how to measure risk. People by and large struggle to estimate the probability of a disaster. This isn’t just speculation. Research psychologists have evaluated humans’ judgment and decision-making and have found that we aren't adept at judging probabilities.
Consider, for a moment, the prevalence of cyber attacks. In 2015, more than 80 percent of organizations in a survey said that they expected to be victims of cyber crime. That’s an astonishing admission of vulnerability.
These crimes can be enormously expensive. Sony Pictures, for instance, estimates that a cyber attack in 2014 cost the company $35 million, while an earlier breach of the company’s PlayStation network cost $171 million.
Hacks that disrupt service can be a huge drain on an organization’s finances. According to one estimate, service disruptions can cost up to $5 million.
Even though organizations know that they’ll likely be victimized, and even though the financial costs can be catastrophic, many organizations are still unprepared to defend themselves. In fact, almost 75 percent of organizations worldwide are unprepared to recover from a disaster, according to the 2014 Disaster Recovery Preparedness Benchmark Survey.
Extent of the Risk
Just how deep do these risks run? Of course, there are the financial risks. Whether it’s Sony’s $206 million or a brick-and-mortar shop’s smaller loss, cyber attacks can be extraordinarily costly to an organization’s finances.
But money isn’t the only issue at stake. In the event of a data breach, harm can fall upon the individuals who’ve entrusted their information to an organization. Data breaches can lead to identity theft, blackmail and public humiliation, as was the case in Sony’s 2014 cyber attack when 170,000 internal company emails were leaked online.
This can have long-term consequences for an organization. When customers learn that an organization has been breached, they often lose their trust in a company. Retailers particularly stand to lose in these situations. According to one survey retailers may lose up to 20 percent of their customers following a cyber attack. Trust is a delicate resource.
The Risk of PII
In business environments, risk intelligence suggests that an organization should begin by studying its greatest risks. Then the team should take informed action to mitigate those risks.
In network security, one of the biggest risks — and one area that demands tremendous focus — is personally identifiable information (PII). PII is information that, if disclosed, can identify an individual. Think Social Security numbers, email addresses, phone numbers and bank records.
Not all PII is made the same. Some PII, such as publicly available information, may cause limited harm to an individual. This isn’t sensitive PII. What is sensitive is information that, if disclosed, could harm an person financially or otherwise.
Despite the high risk value of sensitive PII, many organizations continue to find this data breached. In fact, in 2014, about 47 percent of Americans had their personal information stolen through data breaches.
Breaches can be a PR disaster and do irreparable damage to an organization. Clearly, something must be done to mitigate these risks.
IT Technologies
When it comes to minimizing threats in the business environment, risk intelligence is essential. IT vendors have numerous solutions from which to choose. Ultimately what they’re looking for, though, is network scanning software that can help uncover vulnerabilities — and point the way toward remedies.
These vulnerabilities may reside in a weakly defended mail server. Or in an unpatched mail client. Or in poorly managed user-access privileges, with inappropriate access granted to PII across a network. The best IT solutions reveal these vulnerabilities, analyzing servers, workstations and mobile devices across a network.
Vulnerabilities may not only exist within a network. Networks face a barrage of attacks, some of which can make it past perimeter defenses. Good network scanning software can uncover these external threats as well.
The list of potential vulnerabilities is long. Which is why it’s important for IT professionals to use a comprehensive solution, one that addresses the vast universe of internal and external vulnerabilities.
Why Choose Intelligence?
If you’re looking for a comprehensive solution, you’re in the right place.
SolarWinds MSP's (formerly LOGICnow) MSP Risk Intelligence is an industry leader for good reason. Our comprehensive solution helps MSPs uncover vulnerabilities across the full span of their networks so that they can take informed action.
What can you expect to root out with MSP Risk Intelligence? How about:
- Inappropriate permissions – Our deep scans penetrate your network and uncover permission mismatches, where the wrong people have access to sensitive data.
- Leaked data – MSP Risk Intelligence discovers leaked payment data and stolen customer lists.
- Every kind of PII – Social Security numbers, home addresses, ACH data, license plate numbers and email addresses: we uncover your PII, whether it’s in transit or at rest. Protect healthcare clients from large fines, as you discover the locations of protected health information.
- Cardholder data – Give your clients supreme relief knowing that they’re PCI compliant. MSP Risk Intelligence discovers payment information in the most remote locations and performs vulnerability scans using a host-based authentication pattern.
- Security holes – Use our host-based scans to find vulnerabilities that an attacker may try to exploit. These include unpatched software, Outlook files, VPN connections and malware threats registered with the CVSS database, among many other vulnerabilities.
Intelligent Reporting
If there’s one thing all IT professionals know, it’s that someone has to pay for their services.
This is a truth that’s especially familiar to overextended MSPs, who must work to build their client base. Decision-makers need to be persuaded of IT’s benefits, with clear figures describing the costs and benefits of managed services. That takes work.
But the work doesn’t have to be hard.
With SolarWinds MSP’s risk intelligence reports, you can put an exact dollar figure on an organization’s network vulnerabilities. This helps move the levers of decision-making as MSPs demonstrate the concrete, bottom-line benefits of increased IT services.
With our risk reports, you can:
- Put a specific dollar figure on an organization’s risks from a credit card data breach.
- Identify scattered PII and isolate the exact financial risk that this poses an organization.
- Track the trends in vulnerabilities, in order to demonstrate the effectiveness of beefed-up network security.
- Brand the reports to make them company-specific.
An Informed Response
Risk intelligence isn’t just about uncovering vulnerabilities. It’s about taking action once you’ve found the weaknesses.
It’s here, too, that SolarWinds MSP is recognized as an industry leader. Our solutions are based on a layered security approach. Just as aircraft engineers build multiple redundancies into a plane, the strongest networks have layer upon layer of security.
Our industry-leading platform begins with proactive security. Prevention is always the best place to start with security, and SolarWinds MSP offers web protection to keep users off of malicious websites. Our patch management covers a broad range of Microsoft application families and third-party families. And our email security blocks incoming threats, from malware to phishing attacks.
Next comes detective security. Threats can still crop up, despite the best preventive defense. That’s why with SolarWinds MSP, you can catch them immediately. Our managed antivirus includes the industry’s leading malware protection. Failed login checks fend off brute-force attacks. And our device discovery functionalities allow you to closely follow rogue devices, as they enter your network.
Last is reactive security. When threats manage to slip through the first two layers, MSPs must be able to respond quickly and thoroughly. SolarWinds MSP gives you the ability to get back up and running, minutes after a disaster. Our virtual server recovery keeps a business operating even after an attack on your physical servers or workstations. And our hybrid cloud recovery offers onsite and offsite data storage, protecting you from all disaster scenarios.
Built for MSPs
MSPs have a tremendous challenge, as they work to expand network security while increasing their business. SolarWinds MSP supports their needs. We increase MSPs’ operational efficiency through:
- A single, comprehensive dashboard that automates patch management, managed antivirus and many other time-consuming tasks.
- Support for multiple operating systems and mobile devices, so that you can reduce the complexity of your operations.
- Data-driven insights that allow MSPs to tackle problems before they emerge, and make a strong business case to clients.
It’s no surprise that MSPs who use SolarWinds MSP retain 98 percent of their customers. Our platform keeps networks safe and ensures continuity among business’ critical applications. And in the current risky business environment, risk intelligence from SolarWinds MSP allows business leaders to see the tangible benefits of IT.
Sound like a good option for your networks? You can choose intelligence today, and check out our comprehensive solution with a free trial.
About SolarWinds MSP
SolarWinds MSP delivers the only 100% SaaS, fully cloud-based IT service management (ITSM) platform, backed by collective intelligence and the highest levels of layered security. SolarWinds MSP’s products including Risk Intelligence, Remote Management, Backup & Disaster Recovery, Mail and Service Desk – comprise the market’s most widely trusted integrated solution.
Deployed on millions of endpoints across hundreds of thousands of networks, the platform has the industry vision to define and deliver the future of the market. SolarWinds MSP provides the most comprehensive IT security available as well as LOGICcards, the first ever IT notification feature powered by prescriptive analytics and machine learning.
SolarWinds MSP’s passion is helping IT professionals secure and manage their systems and data through actionable insights, rewriting the rules of IT.
For more information, visit www.solarwindsmsp.com.
----------
Sources:
Bloomberg: http://www.bloomberg.com/news/articles/2006-08-17/increasing-risk-intelligence
Funston Advisory Services: http://www.funstonadv.com/me/funston-advisory/strategy-and-risk-intelligence-8926.html
Slate: http://www.slate.com/articles/health_and_science/new_scientist/2012/05/risk_intelligence_how_gamblers_and_weather_forecasters_assess_probabilities_.html
ISACA: http://www.isaca.org/cyber/Documents/State-of-Cybersecurity_Res_Eng_0415.pdf
CSO: http://www.csoonline.com/article/2879444/data-breach/hack-to-cost-sony-35-million-in-it-repairs.html
The Register: http://www.theregister.co.uk/2011/05/24/sony_playstation_breach_costs/
Disaster Recovery Preparedness Council: http://drbenchmark.org/wp-content/uploads/2014/02/ANNUAL_REPORT-DRPBenchmark_Survey_Results_2014_report.pdf
National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
The Wrap: http://www.thewrap.com/11-revelations-from-wikileaks-sony-hack-emails-amy-pascals-travel-expenses-david-fincher-complains-of-leak/
News Channel 10: http://www.newschannel10.com/story/32820315/cyber-attacks-could-cost-retailers-one-fifth-of-their-shoppers-kpmg-study
TechTarget: http://searchfinancialsecurity.techtarget.com/definition/personally-identifiable-information
National Conference of State Legislatures: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
CBS: http://www.cbs.com/shows/csi-cyber/news/1003888/these-cybercrime-statistics-will-make-you-think-twice-about-your-password-where-s-the-csi-cyber-team-when-you-need-them-/
