NAFCU Services Blog

May 19, 2016
Categories: General

Top 3 Cybersecurity Metrics To Begin Tracking

By: Melissa Stevens, Senior Digital Marketing Manager, BitSight

Creating a vendor risk management program is of utmost importance in today’s threat landscape. So if you don’t have a program in place already, you may be wondering where—and how—you should get started. One of the building blocks for any security program is the creation of actionable cybersecurity metrics. These will help you go beyond “yes” and “no” answers in your own organization (and your vendors’) and see exactly how well-prepared your company is to protect against cyberthreats.

Below, BitSight has outlined three of the most important metrics your credit union should start monitoring right away.

1) Number of botnet infections per device over a period of time.

This is, without a doubt, the number one cybersecurity metric that every credit union must monitor. By examining how many botnet infections have taken place on your network—and what types of botnets you’ve dealt with—you can better prepare for (and protect yourself against) these types of attacks.

For example, if your organization is able to successfully track this metric, you may be able to shorten the detection deficit. Let me explain. The quicker you can identify a security breach or incident and fix it, the less likely you are to have something catastrophic happen to your organization. In other words, the greater the speed at which you can identify that something is happening on your corporate network and appropriately respond to it, the greater the likelihood of preventing the hacker from getting a foothold in your organization. If you’re able to keep that amount of time as close to zero as possible, you’ll be in far greater shape.

The problem is, many organizations don’t just have a gap of minutes between the intrusion and the solution—sometimes it takes them hours, days, weeks, or even months to identify and fix a security breach (this is where the term “detection deficit” comes in). By closely monitoring the number of botnet infections that take place on your corporate network—and the time it takes you to remediate those infections—you’ll be taking important steps toward reducing this deficit.

2) Percentage of employees with super-user access who are monitored.

Whether through an insider that has decided to go rogue or an external attacker who is trying to take advantage of someone’s super-user privileges, gaining control to “the key to the kingdom” gives a hacker everything they need to take control of a corporate infrastructure and wreak significant material damage. Knowing who has super-user access and monitoring those individuals closely for internal or external issues is a very important metric for this reason. Also, this will provide you with enough insight to determine whether you’re providing too many individuals with unlimited network access, so you can reduce privileges to those individuals who actually need it.

3) Percentage of critical vendors whose cybersecurity effectiveness is continuously monitored.

Traditional vendor risk management practices only offer you a snapshot in time. Even if you perform audits, penetration tests, and vulnerability scans, you still won’t know what’s going on with your vendors’ security on a day-to-day basis. But continuous risk monitoring changes this. It allows you to look at the third parties you’ve deemed as critical—usually those who have access to sensitive data or direct corporate network connections—and determine in real-time how they’re performing in regard to cybersecurity. This will allow you to make data-driven decisions about those vendors that are best for your organization.

BitSight is the NAFCU Services Preferred Partner for Cybersecurity Rating. Learn more at www.nafcu.org/bitsight.

About the Author