Real world risk data
We have been working in cyber security in banking for some time and that experience has taught us that scoring like CVSS is outdated and not well suited for our day and age.
At Skopos our purpose is to bring a risk-based approach to cyber security. We use data like exploits, historical breaches and dark web data along with machine learning models to predict which vulnerabilities are likely to be exploited and why. This data can help your team prioritize their existing alerts and make decisions faster.
Your organisation can either request a score per vulnerability or, to avoid data leakage, ingest a full copy of the ‘real world risk’ of all vulnerabilities into your platform via API at regular intervals. This is the SKopos Exploit Score (SKES). It helps answer the question: what is the likelihood that a hacker will exploit this vulnerability?
The Skopos data helps in prioritising existing vulnerabilities by adding the risk that a hacker will exploit them in the next twelve months. Here is a plot of what that entails.
The data ingestion can help answer questions like “Which vulnerabilities cause the majority of risk to the organisation?” and “What needs immediate action?”.
Better scoring = better decisions
The classic CVSS scoring is not very helpful in making these decisions. At Skopos we calculated the real world risk of all 124.000 known vulnerabilities: the SKopos Exploit Score (SKES). On the y-axis is the classic CVSS scoring, from 1 to 10. On the x-axis is the SKopos Exploit Scoring (SKES) risk of exploitation by hackers in the coming months. The chart is based on almost 5 million pieces of vulnerable software, over 50.000 exploits, countless attacks and online dark web conversations. The SKES is updated daily based on new attacks, exploits and dark web conversations. It excludes asset importance to the business; this is part of the Skopos on-prem solution.