Erik Sørup Andersen har samarbejdet med Henry Stewart Publications om en peer-reviewed artikel.
Artiklen giver en dybdegående analyse af ransomware-risiko og vigtigheden af at bruge kvantitative metoder til at vurdere og reducere denne risiko.
During 2024 Erik Sørup Andersen has collaborated with Henry Stewart publications on a peer-reviewed journal.
The paper provides an in-depth analysis of ransomware risk and the importance of using quantitative methods for assessing and mitigating this risk. Below is an abstract.
You are able to download the full article at the end of this summary.
Ransomware attacks have, over the past years, been the most frequent cyberattack type and a growing community of adversaries continues to innovate methods for extorting organisations into paying ransom. Yet this risk is still, to many organisations, not well understood. Some refer to the averages reported in the media of the size of ransom and cost of ransomware attacks. But these numbers can be very far from the actual risk of a particular organisation.
The nature of the risk, comprising many attack techniques and paths through an organisation’s IT assets affecting a range of systems, data and the processes they support, makes it complex to describe and analyse.
By using a risk analysis technique, where the risk scenario is decomposed to account for the contributions to the risk from different attack techniques, the vulnerabilities they exploit and the different forms of impact the attack inflicts on an organisation, it is possible to describe the risk in a more nuanced way unique to an organisation.
Having created a model of the risk scenario that accounts for the factors relevant to the target organisation, it is possible to study mitigation options more consistently and simulate effects of implementing potential controls. Collecting data used to estimate the individual contributions to the total risk reduces the uncertainty of the risk measure and enables calculation of mitigation effects.
This paper introduces the concept of quantitative risk assessment by highlighting results from quantitative studies of ransomware risk and providing examples of how data can be collected.
Common pitfalls when using high-level data are demonstrated by showing examples of insights gained from collecting data about controls effectiveness.
Being more effective in mitigating ransomware risk will both benefit the organisation directly and, by making ransomware attacks less profitable, society.
Fortsæt læsningen her
ACI og Risk Measure fusionerer
ACI og Risk Measure fusionerer og bliver til ACI Risk Measure
Move Beyond Guesswork: Elevate Your Cyber Risk Management with Data-Driven Quantification
Elevating Cyber Risk Management Beyond the Hype Cycle Cyber Risk Quantification (CRQ) is gaining traction, as seen in Gartner’s latest Hype Cycle for Cyber Risk Management, published on 22nd July...
Få klarhed om jeres it-risici
Virksomheder har i stigende grad behov for at afdække, hvor risikoen for finansielle tab i forbindelse med it ligger.
Vi er eksperter i kvantitativ risikomodellering og kombinerer indsigt fra forsikringsmatematik, statistiske metoder og it-sikkerhed for at skabe et nøjagtigt billede af jeres risikoniveau. Dette giver jer:
- Målbare indsigter i jeres sårbarheder og sandsynlige tab.
- Klarhed og kontrol til effektivt at prioritere ressourcer og it-sikkerhedstiltag.
Vi arbejder med anerkendte frameworks som FAIR, NIST CSF, ISO, NIS2, DORA og GDPR for at sikre, at jeres organisation står stærkt.