Cyber-risk management is one of the foundations of cybersecurity, requiring a thorough understanding of all IT entities — identities, both human and nonhuman; devices; software assets; etc. Beyond identification, cyber-risk management depends upon details and context as well. This includes considerations such as where assets are deployed; how they are configured; who owns each asset; what changes have been applied, when and by whom — the list goes on and on.
The overarching goal here is to identify vulnerabilities and then mitigate risks before a bad guy can exploit them. This is no different from locking your doors and windows when you go away on vacation to prevent easy access to your home.
Cyber-risk management challenges
OK, but here’s the problem: Cyber-risk management has become a monumental task for the following reasons:
- Attack surface growth. According to research from TechTarget’s Enterprise Strategy Group, 62% of organizations claimed their attack surfaces have expanded over…