Assessing The Risk of Compromised Credentials to The Enterprise

Because technology now has a broad and pervasive impact on the successful operation of the business, comprehensive and accurate scoring and assessment of cybersecurity risk is absolutely essential and covers many areas of technology.

To assess more accurately the cybersecurity risk, assessment of the compromised credential risk is necessary. A new approach is introduced to provide risk officers with a framework that can be connected with the cybersecurity risk management of widely used operational frameworks, such as the Basel Framework. “How at risk are my users” and “How at risk is my organization to the risk of compromised credentials” are two questions this whitepaper is trying to answer.

Three metrics used to score compromised credentials risk:

• Percentage of Compromised Credentials, taking into account the types of credentials
• Availability of Compromised Credentials, as not all credentials on the dark web are available all the time
• Percentage Convertible to Plaintext Credentials, as both the ability to readily convert an organization’s passwords to plaintext, as well as the additional intelligence plaintext provides increases the cybersecurity risk.

Compromised credentials are a rapidly emerging and dangerous risk to organizations that require senior cybersecurity and risk officers within to take notice, assess and sufficiently address. It is hoped this paper helps highlight, articulate, and provide proper guidance in assessing and scoring cybersecurity risk, through accepted cybersecurity frameworks, to mitigate overall operational risk.