Risk Scenario

Introduction

SAFE continuously monitors top Cyber Risk Scenarios by correlating all the security findings to respective MITRE ATT&CK TTPs (Tactics, Techniques & Procedures). 

Currently, 20 Cyber Risk Scenarios are supported based on recent security trends and historical breach data.  

SAFE provides risk quantification for each of the Cyber Risk Scenarios, including SAFE Score, Breach Likelihood in percentage, Attack Behavior, Attack Surface,  Estimated Financial Impact(EFI), and Financial Risk(FR). Additionally, the Industry Benchmark SAFE Score is available for comparative analysis. 

• You can also search for a risk scenario, filter the list, and customize the risk scenario table using the options available at the header of the risk scenario table.

Industry benchmarks for breach likelihood for each risk scenario: Additionally, we have added details on the industry benchmark of breach likelihood for each cyber risk scenario in SAFE. Hovering on the breach likelihood percentage bar displays the top 10 percentile, average, and bottom 10 percentile in SAFE.

Risk Scenario Details 

You can navigate to the individual Cyber Risk Scenario detail page by clicking on a Cyber Risk Scenario from the list. 

The details page displays the:

• Breach Likelihood and Financial Risk Trend
• Estimated Financial Impact and Interactive Cost Model
• Actionable Insights
• MITER ATT&CK Mapping

Breach Likelihood and Financial Risk Trend

By default, SAFE displays the overall breach likelihood percentage timeline frame modeled graph to present the breach likelihood trend for the risk scenario. The current breach likelihood is available in the dial view for the risk scenario.

On the other tab,  SAFE displays the financial risk trend. Financial risk represents the expected financial loss due to a risk scenario that can incur in case of a breach over a 12-month period. It is a function of the SAFE score and estimated financial impact associated with the risk scenario.

It also displays the summary on Threat Actor, Attack Behaviour, and Attack Surface at the top-right of the page.

Actionable Insights

SAFE displays the security findings that need immediate attention as Prioritised Actionable Insights for each risk scenario. These insights are available on the main dashboard for enterprise cyber risk scenarios and the individual cyber risk scenario dashboard. The prioritized list of actionable insights will help you measure, manage and mitigate the identified security findings.

MITRE ATT&CK Mapping

ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a matrix of different cyberattack techniques sorted by various tactics. There are two views for ATT&CK mapping available to a user; Matrix View (Default) and Detailed View.

Estimated Financial Impact and Interactive Cost Model

Estimated Financial Impact

SAFE displays the Estimated Financial Impact per Cyber Risk Scenario, i.e, the dollar value impact an enterprise can incur due to a breach. A range is also provided with upper and lower bounds of Financial Impact, with an expected value that is generally a mean. SAFE auto-generates the inherent EFI for a risk scenario based on the company characteristics, security findings, and applicable cost drivers.

The default Estimated Financial Impact estimation is powered by Safe Security’s proprietary database - built and maintained by our expert analysts and threat intelligence teams. The model leverages:

• Over 500,000 data points across 2,000 mapped discrete incidents taken from primary sources across:
  • Financial fraud - such as business email compromise, account takeover, and advertising fraud
  • Ransomware, PxI data breaches - including leaks and exposures
  • Wiper and cryptocurrency theft - including lost access
  • Data privacy violations
• ~1300 CVEs identified as seen in the wild., and over 1,100 attack groups, including identified aliases
• TTP mapping to MITRE ATT&CK for over 100 attack groups and malware (with more added regularly)
• A pipeline of over 25,000 security incidents is being actively reconciled and processed.

Interactive Cost Model

Additionally, SAFE does not limit the financial impact estimation to the default assumptions. It also provides an Interactive Cost Model (ICM), which is capable of conforming to different internal assumptions for cost modelling.

The Interactive Cost Model ICM is designed as an interactive tool where a user can calibrate the cost modelling assumptions for the applicable cost categories for a cyber risk scenario. A user can provide upper bound, lower bound, and expected values for all the tunable cost drivers. Based on the inputs, EFI and, subsequently, the Financial Risk for the scenario shall be calibrated for the Cyber Risk Scenario. 

Click the Edit button, change the values for cost drivers, and click the updated button to save your values.