How to Improve Digital Resiliency in Supply Chain Security


In an increasingly interconnected world, it is more important than ever to evaluate the digital resiliency of an enterprise – the capability to withstand and operate right through a threat or a verified incident. Unfortunately, modern digital networks are rarely built with resilience in mind.

In a typical large corporate network, there are countless devices from multiple vendors. Each has a specific function, and they all interoperate. To assess resiliency, operators need an overview of the entire network rather than an examination of separate segments. Operators need diagnostics, intelligence, and the capability of threat modeling to make changes to logical controls, access management, and supply chain network security.

When risk and information security managers approach a CFO with budget requests to build more resiliency within the enterprise network, the CFO will likely ask how the organization will know that the plan is working, and will want reassurance that the team will not need a further budget increase the next year.

To address these factors, we have taken a range of complex questions and boiled them down to a Threat Beta™ rating, on a scale from 0-2, for the threat level faced by a company. This helps evaluate potential outcomes and provides a practical framework for discussing these outcomes with boards and other senior executives.

Consider an example where your enterprise network has a Threat Beta score of 0.66, which is well below the average Threat Beta score of 1.0. You assess the network of an organization your company plans to acquire and obtain a score of 1.67, representing a higher risk than that currently faced by your own firm. By connecting to the other company’s network, your organization’s risk would rise, which might not be acceptable. However, if you decide to proceed with the acquisition, you could use this information to renegotiate the price and add new liability escrow elements.

As a strategic element in building an information security program, Threat Beta is mostly used on a day-to-day basis by operational leaders, who make ongoing changes to the network.

As an example, we’re working with a multi-million dollar healthcare private equity firm with a network that is completely outsourced. This firm looks at the Threat Beta score to understand whether the network is getting better or worse. A service level agreement is in place for the provider to bring the network up to certain levels over specified periods of time.

Threat Beta provides a raw list of vulnerability scores coupled with the network context and situational awareness. This helps prioritize various threats in a way that is not possible with competing scoring systems.

Threat Beta can help you confidently track your organization’s digital resiliency on a daily basis, boosting compliance and improving incident response.

For more on Cybeta™ click here or contact Josh Berg, at josh.berg@cybeta.com.

About Cybeta

Founded in 2019, Cybeta™ offers a suite of Cybersecurity products and services designed to help you keep your business off the Cyber ‘X’. Based on decades of detecting and thwarting the activities of even the most advanced attackers, Cybeta™ delivers the substantive intelligence you need to make preemptive strategic and operational decisions. Think in terms of over-the-horizon visibility coupled with enhanced peripheral vision.