Risk algorithm version 1.1 increases the significance of Attack Detection events.
Cyber Risk Exposure Management calculates the risk score for each of your company's assets based on numerical values
assigned to risk events occurring on the assets. Asset risk scores are then used to
calculate the Cyber Risk Index.
Risk events have the following values assigned to them:
-
Likelihood: The probability that the risk will be exploited by an adversary
-
Impact: Potential negative impact on business continuity if the risk is exploited
Prior to the June 5, 2023 update, the likelihood value was calculated using a probability
equation that gave equal weight to the three risk categories: Attack, Security Configuration,
and Exposure. This algorithm usually produced an accurate representation of asset
risk, but ongoing testing conducted by Trend Micro threat experts determined that
high-risk Attack events, such as security breaches and ransomware incidents, did not increase asset
risk scores proportional to the critical nature of such events.
In the new algorithm, the Exposure and Security Configuration risk levels are calculated
separately from Attack, and the larger of the two results is used to determine likelihood.
Following this algorithm update, the risk scores of assets affected by Attack events
may have increased significantly, resulting in a sharp increase in the Cyber Risk
Index.
The updated asset risk and Cyber Risk Index scores are a more accurate representation
of your company's attack surface risk. You can effectively reduce the Cyber Risk Index
by prioritizing the mitigation of Attack risk events on affected assets.