Reducing cybersecurity risk level of portfolio of companies using a cybersecurity risk multiplier

US 10,614,401 B2
Filed: 07/28/2017
Issued: 04/07/2020
Est. Priority Date: 07/28/2017
Status: Active Grant

First Claim

Patent Images

1. A method for reducing a cybersecurity risk level for a portfolio of companies, the method comprising:

determining an initial cybersecurity risk level for the portfolio of companies;

identifying at least one company that experienced a cybersecurity risk event during a certain time period;

identifying;

one or more attributes common to the at least one identified company that experienced the cybersecurity risk event and a plurality of companies in the portfolio of companies, anda degree of mutuality of the identified common one or more attributes;

determining a probability that another cybersecurity risk event will occur with respect to the plurality of companies in the portfolio of companies, where the probability depends on;

a number of the identified common one or more attributes, anddegrees of mutuality of the number of the identified common one or more attributes;

generating, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies;

generating a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier; and

enabling a tool for using the refined cybersecurity risk level.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.

Citations

40 Claims

1. A method for reducing a cybersecurity risk level for a portfolio of companies, the method comprising:
- determining an initial cybersecurity risk level for the portfolio of companies;
  
  identifying at least one company that experienced a cybersecurity risk event during a certain time period;
  
  identifying;
  
  one or more attributes common to the at least one identified company that experienced the cybersecurity risk event and a plurality of companies in the portfolio of companies, anda degree of mutuality of the identified common one or more attributes;
  
  determining a probability that another cybersecurity risk event will occur with respect to the plurality of companies in the portfolio of companies, where the probability depends on;
  
  a number of the identified common one or more attributes, anddegrees of mutuality of the number of the identified common one or more attributes;
  
  generating, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies;
  
  generating a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier; and
  
  enabling a tool for using the refined cybersecurity risk level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1 where enabling the tool for using the refined cybersecurity risk level comprises:
    - displaying, to a user, an interactive tool enabling the user to view the refined cybersecurity risk level for the portfolio of companies.
  - 3. The method of claim 2 where the interactive tool further enables the user to view:
    - an action the user can take to reduce the refined cybersecurity risk level.
  - 4. The method of claim 3 where the action the user can take to reduce the refined cybersecurity risk level comprises:
    - an action to remove a company from the portfolio of companies;
      
      an action to replace the removed company with a new company, where the new company was not previously included in the portfolio of companies; and
      
      an action to identify a critical cybersecurity attribute and remove the identified critical cybersecurity attribute from the portfolio of companies.
  - 5. The method of claim 1 where the refined cybersecurity risk level is expressed as a product of the initial cybersecurity risk level and the cybersecurity risk multiplier.
  - 6. The method of claim 1 where the at least one identified company that experienced the cybersecurity risk event during the certain time period is in the portfolio of companies.
  - 7. The method of claim 6 where the certain time period is historical.
  - 8. The method of claim 1 where the at least one identified company that experienced the cybersecurity risk event during the certain time period is not in the portfolio of companies.
  - 9. The method of claim 8 where the certain time period is historical.
  - 10. The method of claim 1 where the initial cybersecurity risk level is generated, at least in part, from cybersecurity data relating to at least one company in the portfolio of companies during the certain time period.
  - 11. The method of claim 1 where the initial cybersecurity risk level is generated, at least in part, by comparing attributes indicative of cybersecurity risk level of companies in the portfolio of companies to attributes indicative of cybersecurity risk level of companies in another portfolio comprising randomly selected companies.
  - 12. The method of claim 1 where the identified common one or more attributes are weighted according to their correlation with an incidence of a cybersecurity risk event, and the determined probability further depends on the weights of the identified common one or more attributes.
  - 13. The method of claim 1 where the identified common one or more attributes comprise an internal attribute that is shared by companies in the portfolio of companies.
  - 14. The method of claim 13 where the internal attribute comprises one or more of:
    - vulnerable host, obsolete user agent, number of new malware events, open ports, slow patching cadence, and inadequate use of firewalls and inadequate use of intrusion detection system.
  - 15. The method of claim 1 where the identified common one or more attributes comprise an external attribute that is shared by companies in the portfolio of companies and one or more companies not in the portfolio of companies.
  - 16. The method of claim 15 where the external attribute comprises one or more of:
    - inadequate use of social media accounts, lost or stolen passwords, and inadequate social network sentiment.
  - 17. The method of claim 1 where the identified common one or more attributes comprises a first-degree common attribute.
  - 18. The method of claim 17 where the first-degree common attribute comprises at least one vendor that is common to two or more companies in the portfolio of companies.
  - 19. The method of claim 1 where the identified common one or more attributes comprises a second-degree common attribute.
  - 20. The method of claim 19 where the second-degree common one or more attribute comprises at least one vendor that is common to two or more vendors, where the two or more vendors are common to two or more companies in the portfolio of companies.

21. An apparatus for reducing a cybersecurity risk level for a portfolio of companies, the apparatus comprising:
- a non-transitory memory; and
  
  one or more processors coupled to the non-transitory memory, where the one or more processors are configured to;
  
  determine an initial cybersecurity risk level for the portfolio of companies;
  
  identify at least one company that experienced a cybersecurity risk event during a certain time period;
  
  identify;
  
  one or more attributes common to the at least one identified company that experienced the cybersecurity risk event and a plurality of companies in the portfolio of companies, anda degree of mutuality of the identified common one or more attributes;
  
  determine a probability that another cybersecurity risk event will occur with respect to the plurality of companies in the portfolio of companies, where the probability depends on;
  
  a number of the identified common one or more attributes, anddegrees of mutuality of the number of the identified common one or more attributes;
  
  generate, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies;
  
  generate a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier; and
  
  enable a tool for using the refined cybersecurity risk level.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 22. The apparatus of claim 21 where enabling the tool for using the refined cybersecurity risk level comprises:
    - displaying, to a user, an interactive tool enabling the user to view the refined cybersecurity risk level for the portfolio of companies.
  - 23. The apparatus of claim 22 where the interactive tool further enables the user to view:
    - an action the user can take to reduce the refined cybersecurity risk level.
  - 24. The apparatus of claim 23 where the action the user can take to reduce the refined cybersecurity risk level comprises:
    - an action to remove a company from the portfolio of companies; and
      
      an action to replace the removed company with a new company, where the new company was not previously included in the portfolio of companies.
  - 25. The apparatus of claim 21 where the refined cybersecurity risk level is expressed as a product of the initial cybersecurity risk level and the cybersecurity risk multiplier.
  - 26. The apparatus of claim 21 where the at least one identified company that experienced the cybersecurity risk event during the certain time period is in the portfolio of companies.
  - 27. The apparatus of claim 26 where the certain time period is historical.
  - 28. The apparatus of claim 21 where the at least one identified company that experienced the cybersecurity risk event during the certain time period is not in the portfolio of companies.
  - 29. The apparatus of claim 28 where the certain time period is historical.
  - 30. The apparatus of claim 21 where the initial cybersecurity risk level is generated, at least in part, from cybersecurity data relating to at least one company in the portfolio of companies during the certain time period.
  - 31. The apparatus of claim 21 where the initial cybersecurity risk level is generated, at least in part, by comparing attributes indicative of cybersecurity risk level of companies in the portfolio of companies to attributes indicative of cybersecurity risk level of companies in another portfolio comprising randomly selected companies.
  - 32. The apparatus of claim 21 where the identified common one or more attributes are weighted according to their correlation with an incidence of a cybersecurity risk event, and the determined probability further depends on the weights of the identified common attributes.
  - 33. The apparatus of claim 21 where the identified common one or more attributes comprise an internal attribute that is shared by companies in the portfolio of companies.
  - 34. The apparatus of claim 33 where the internal attribute comprises one or more of:
    - vulnerable host, obsolete user agent, number of new malware events, open ports, and slow patching cadence.
  - 35. The apparatus of claim 21 where the identified common one or more attributes comprise an external attribute that is shared by companies in the portfolio of companies and one or more companies not in the portfolio of companies.
  - 36. The apparatus of claim 35 where the external attribute comprises one or more of:
    - inadequate use of social media accounts, lost or stolen passwords, and inadequate social network sentiment.
  - 37. The apparatus of claim 21 where the identified common one or more attributes comprises a first-degree common attribute.
  - 38. The apparatus of claim 37 where the first-degree common attribute comprises at least one vendor that is common to two or more companies in the portfolio of companies.
  - 39. The apparatus of claim 21 where the identified common one or more attributes comprises a second-degree common attribute.
  - 40. The apparatus of claim 39 where the second-degree common attribute comprises at least one vendor that is common to two or more vendors, where the two or more vendors are common to two or more companies in the portfolio of companies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecurityScorecard, Inc.
Original Assignee
SecurityScorecard, Inc.
Inventors
Mo, Jue, Vargas, Luis, Sohval, A. Robert
Primary Examiner(s)
Abyaneh, Ali S
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US15/663,541
Publication Number

US 20190034845A1
Time in Patent Office

984 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 10/0635 Risk analysis of enterprise...

H04L 63/1433 Vulnerability analysis

Reducing cybersecurity risk level of portfolio of companies using a cybersecurity risk multiplier

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Reducing cybersecurity risk level of portfolio of companies using a cybersecurity risk multiplier

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links