Scoring the Unscorables: Cyber Risk Assessment Beyond Internet Scans
Armin Sarabi, Manish Karir, and Mingyan Liu

TL;DR
This paper introduces a novel cyber risk assessment method that uses publicly available website technology signatures to estimate breach likelihood, overcoming limitations of traditional IP scan data, especially for SMEs.
Contribution
It presents a new approach leveraging website signatures for cyber risk quantification, improving coverage for small and medium organizations compared to IP scanning.
Findings
High accuracy in risk estimation using website signatures.
Strong correlation between signatures and cybersecurity posture.
Distinct characteristics of ransomware victims identified.
Abstract
In this paper we present a study on using novel data types to perform cyber risk quantification by estimating the likelihood of a data breach. We demonstrate that it is feasible to build a highly accurate cyber risk assessment model using public and readily available technology signatures obtained from crawling an organization's website. This approach overcomes the limitations of previous similar approaches that relied on large-scale IP address based scanning data, which suffers from incomplete/missing IP address mappings as well as the lack of such data for large numbers of small and medium-sized organizations (SMEs). In comparison to scan data, technology digital signature data is more readily available for millions of SMEs. Our study shows that there is a strong relationship between these technology signatures and an organization's cybersecurity posture. In cross-validating our model…
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
