- Success Story -
Cyber Vulnerability Assessments for Financial OT Cyber Risk
With an aggressive growth plan, the Director of cyber security needed a way to quickly assess risk across the fleet of existing assets so he could prioritize remediation budgets.
The Challenge
Cyber Security team needed a way to scale up their risk assessment process for a fast growing fleet.
Organization wanted to use standardization across existing frameworks like NIST CSF, Factor Analysis for Information Risk, and OT specific solutions to quantify the risk at those sites so they had a common risk framework to make decisions with input from the executive committee.
Traditional consulting firms and services were too expensive, didn’t scale and required weeks of data exchanges between the cyber security teams and the consultants.
Outputs and reports driven by traditional consulting firms did not allow the Renewables company to make edits to their plan through a intuitive user interface, it was done through a customized one off spreadsheet.
The Solution
DeRISK was deployed to a wind site in Texas to test the speed and accuracy of an automated OT cyber risk assessment with financial outputs in early 2022.
DeRISK collected Inside-Data information from a sensor on the site. Data collected included an asset inventory, network topographies, and existing vulnerability telemetry.
Existing NIST CSF inputs were used to show the maturity of the site’s existing security controls, policies, and procedures in place.
Business information was input into DeRISK from the customers ERP system to give DeRISK the financial outputs of the site to run the cyber risk models.
Calculations were run on the Inside Out Data, Business Data, and the customers OT supply chain outside in to build reports for the executive team
The Results
The team was able to build a risk quantification, list of finically justified mitigation strategies, and reports to enable communicate to their CEO, CFO, CIO, and other executives at the organization the existing risk at site.
DeRISK rapidly deployed at OT sites across the fleet to expedite the risk evaluation process
DeRISK acted as a bridge between the cyber security team and the executive leadership group to show defendable probabilities, event loss amounts, risk reduction metrics, and ROI’s.
The customer went from a 12-week consulting engagement to quantify risk to a 3 week deployment saving the team 9 weeks of time to gain risk quantification data.
Eliminated the need justify financial outputs since the business data came from the customers ERP system convincing the CFO that DeRISK was a credible tool not a one off spreadsheet to be manually manipulated.
Value Created
Quickly Deployed Cyber Risk Assessments
0
Weeks saved per deployment
$0
Dollars Saved per Assessment
$0
Projected Fleet Savings
The multinational organization was able to plan for a fleet risk assessment at considerable time and cost savings using DeRISK using the platform instead of consultancies or FTE's