Home Breadcrumb caret Your Business Breadcrumb caret Tech How your commercial clients should be monitoring their cyber risk With a large number of employees working from home during the pandemic, commercial clients need some way of assigning a risk score to the cyber exposure posed by their users, software applications, and hardware devices, a Canadian information technology security expert suggests. “In this day and age, many organizations are using SaaS [software as a […] By Greg Meckbach | July 9, 2021 | Last updated on October 30, 2024 2 min read Businesswoman working on laptop computer sitting at home with a dog pet and managing her business via home office With a large number of employees working from home during the pandemic, commercial clients need some way of assigning a risk score to the cyber exposure posed by their users, software applications, and hardware devices, a Canadian information technology security expert suggests. “In this day and age, many organizations are using SaaS [software as a service] applications and cloud apps,” Antoine Saikaley, technical director of IT security vendor Trend Micro Canada, said in a recent interview. “[Risk managers need to be] able to assess quickly what applications their organization is using, and the risk scores of those apps, so that they can make the decision of whether to sanction it or un-sanction those apps.” Trend Micro recently released results of a survey of 2,303 information technology security and security operations decisionmakers, 101 of whom were Canadian. The survey found security operations centre and IT security teams are suffering from high levels of stress outside of the working day — with alert overload being a prime culprit, Trend Micro said May 26 in a release. Canadian Underwriter asked Saikaley what advice commercial brokers should give clients about information security risk if they still have a lot of people working from home. Your commercial clients should have tools that give them “risk ratings” for users, devices, and applications, replied Saikaley. Clients should monitor their end-users for unusual activity, accessing risky applications, and e-mail based threats, Trend Micro advises. To manage cyber security risk, it is not enough for your clients to monitor the computers, Internet traffic, and incoming mail. The client also needs to monitor devices such as printers and cameras, as well as third-party contractors that connect to the computer network, suggested Saikaley. Trend Micro says its Vision One product lets organizations continuously audit and assess the risk of users, devices, and cloud applications using a calculated risk score. The idea is to let computer security staff take quick action to manage cyber risk. Vision One provides a risk score of more than 30,000 cloud applications, based on web reputation, security compliance, and security features, said Saikaley. As for assessing the risk scores of individual users, Vision One takes into account whether a user is clicking on malicious URLs or has downloaded a malicious attachment, among other things. More than two thirds (70%) of global respondents to the Trend Micro survey say their home lives are being emotionally impacted by their work managing IT threat alerts, Trend Micro said May 26 in a release. Nearly half (46%) of Canadian information technology and security operations centre teams “are overwhelmed by the volume of security alerts and 52% admit that they aren’t entirely confident in their ability to prioritize and respond to them.” The survey was conducted among 2,303 IT security decision makers in 21 regions. In Canada, 101 IT security decision makers were surveyed through online interviews by Sapio Research in April, 2020 using an email invitation and an online survey. At an overall level, results are considered accurate to plus or minus 9.8%, 19 times out of 20. Feature image via iStock.com/Manuel Tauber-Romieri Greg Meckbach Save Stroke 1 Print Group 8 Share LI logo