As executives struggle to understand their organisations’ exposure to cyber-risk, Huntsman Security has launched The Security Scorecard – the first tool of its kind to give instant visibility of an organisation’s Cyber Security Posture. The Scorecard is a standalone product that gives non IT people such as auditors, risk managers and senior executives a clear understanding of an entity’s cyber security exposure.
The Scorecard technology automatically measures eight key security controls whose effectiveness determines just how secure an organisation is from a cyber-attack. Based on findings by the Australian Signals Directorate (ASD), these best practice controls can reduce the likelihood of a cyber-attack by more than 85 percent. Measuring against these, the Scorecard gives an immediate and automated understanding of risk and exposure: allowing the business to tune the effectiveness of the controls in line with its risk appetite.
“One of the biggest issues security teams face is presenting a convincing argument to the board about what measures need to be taken to reduce risk, and why,” said Jon Collins, industry analyst at Gigaom. “In this situation, the security team doesn’t want to present a list of thousands of outstanding actions, but a shortlist of the highest priorities. A simple scorecard acts as a paring knife, allowing organisations to act more quickly to reduce risk.
“Ultimately, any organisation suffering a breach wants it to be because they fell victim to a complex, never-before-seen attack; not because they failed to follow basic precautions. Huntsman’s scorecard is a great starting point for security teams and executives who want to ensure they have taken essential precautions, based on clear criteria.”
Utilising the “Essential Eight” controls, the solution consists of eight processes that, together: prevent initial attacks, and limit the extent of incidents, recover data and restore systems availability.
The processes are split into a ’Top Four’ – application whitelisting, patching applications, patching operating systems and restricting admin privileges – that are critical to achieving security: plus a further four – disabling untrusted Microsoft office macros, user application hardening, multi-factor authentication and daily backup of important data. The ‘Top Four’ controls are mandatory for Australian federal government departments, and the eight controls collectively complement the best practices put in place by other Governments, such as the UK or USA.
The Security Scorecard continuously measures the performance of the controls, reporting clear metrics and red, amber, green colour-coded status that is easily understood by any audience.
Armed with this information, stakeholders have an immediate overview of their exposure and security teams know whether to focus on these essential processes or examine other ways to reduce risk further.
A standalone product, the Scorecard has a small proactive footprint that sits alongside other security technologies. Security teams can continue with their primary operations without any distraction and without significant investment in new security systems. Because of this, the Scorecard is easy to implement for any organisation.
The Scorecard can be used by organisations in a supply chain to give visibility of their security posture to partners up and down the chain.
“No matter how good or detailed your criteria for effective security, if you only measure it once a year; it won’t give auditors a representative view of operations and it certainly won’t enable the proactive management of risk that security teams and executives aspire to”, said Peter Woollacott, CEO and founder of Huntsman Security.
As a Computer Aided Audit Tool (CAAT), the Scorecard comes into its own; rather than providing an expensive ‘snapshot in time’ it delivers a continuous view of cyber posture for auditors. It also serves to support security specialists in their pursuit of plugging any security gaps.
The Security Scorecard is available now: huntsmansecurity.com/products/security-scorecard/