Cyber Risk Model Discovered, Donated to the Public

United States, 26th Jun 2024 – U.S. companies and insurance carriers alike have struggled to estimate the likelihood of cyber-attacks. Verizon recently highlighted a small company in Illinois that may have cracked the code, and then donated it to the public.

Verizon’s 2024 Data Breach Investigations Report (DBIR) featured HALOCK Security Labs, a consulting firm based in Schaumburg, IL, who have discovered patterns in Verizon’s data that they use to forecast cyber incidents. 

HALOCK’s HIT Index (HALOCK Industry Threat Index) uses Verizon’s crowd-sourced database known as the VERIS Community Database. “When you look at the data deeply, you see the patterns emerge,” said Todd Becker, Principal at HALOCK. “You might not understand at first why a bank has many more physical vectors of attack than insurance companies, or why insurance companies have as many human-caused breaches as hospitals do. But then you realize that ATMs have card skimmers, so physical security matters there much more than at other places. Hospitals and insurance companies have a lot of people making mistakes while handling information about a lot of people. The data is all there. We just needed to model it in a way that people can use in risk analysis.” 

HALOCK collaborated with Center for Internet Security (CIS) to model “expectancy” data in a risk assessment method that is freely available to the public. “In general,” Becker explains, “Common threats are more likely to happen to you. But the stronger your safeguards are for each threat, the less you should expect them to occur.” While not using the fully detailed HIT Index, CIS’ Risk Assessment Method (CIS RAM 2.1) now provides Verizon’s data for the general public, removing guesswork from cyber risk analysis. 

Jim Mirochnik, CEO of Reasonable Risk LLC, a GRC SaaS application, says that his customers are also benefiting from HALOCK’s invention. “It’s prohibitively expensive to hire a quantitative analyst to develop a company’s cyber risk model. The HIT Index finally helps our users translate Verizon’s incident research automatically into likelihood estimations. It’s what we need more of in cyber governance. Easier decisions using better evidence. Our customers don’t have to guess at risk anymore.”

This is not HALOCK’s first foray into giving away their intellectual property. HALOCK developed the Duty of Care Risk Analysis Standard, or “DoCRA,” to define reasonable cybersecurity. Since DoCRA’s release in 2018 it’s principles have been adopted by Center for Internet Security, and cited by regulators from ten states to define reasonable cybersecurity.
To learn more about how DoCRA and the HIT Index (using VCDB data analysis) has been optimized in a Risk Management SaaS application, please visit www.ReasonableRisk.com.

About HALOCK SECURITY LABS

HALOCK is a risk management and information security consulting firm providing cybersecurity, regulatory, strategic, and litigation services. HALOCK has pioneered an approach to risk analysis that aligns with regulatory standards for “reasonable” and “appropriate” safeguards and risk, using due care and reasonable person principles. As authors of CIS Risk Assessment Method (RAM) and board members of The Duty of Care Risk Analysis (DoCRA) Council, HALOCK offers unique insight to help organizations define their acceptable level of risk and establish reasonable security. 

Media Contact

Organization: HALOCK Security Labs

Contact Person: Halock

Website: https://www.halock.com/

Email: Send Email

Contact Number: +18472210200

Address:1834 Walden Office Square, Suite 200 Schaumburg, IL 60173

Country:United States

Release id:13586

View source version on King Newswire:
Cyber Risk Model Discovered, Donated to the Public