With the rapid increase in remote working during the COVID-19 pandemic, and elevated cyberattacks against professional services firms, a Fortune 25 software company sought to understand the cyber risk exposure across their portfolio of intellectual property (IP) law firms within a limited time window, leveraging Kroll CyberClarity360™ Express to rapidly and non-invasively evaluate nearly 60 firms worldwide within a matter of days.
Kroll CyberClarity360 Express requires no action from either the client or the firms to assess cyber risk exposure through the eyes of an attacker. The algorithmic ranking and analysis engine identified high, medium and low risk firms, and delivered prioritized remediation advice for each risk pool, allowing the client to move forward in their vendor cyber risk management efforts with confidence.
The Situation
Despite having internal vendor acquisition processes in place, previous assessments for approximately 60 IP law firms in North America, Europe and Asia were limited to self-attestations of 100% compliance, without validation or prioritization. This methodology did not reflect recent changes in the threat landscape brought on by the global COVID-19 pandemic. Instead of engaging each firm directly, which would demand a significant amount of time and resources, the client turned to CyberClarity360 Express.
The Solution
Designed to understand cyber risk exposure with high velocity and low friction, CyberClarity360 Express empowers organizations to move faster when identifying risk and increases their ability to manage legal vendor cyber risk across the entire relationship lifecycle. In this specific engagement, CyberClarity360 Express identified the size and scope of each firm’s digital presence, noting weaknesses in software patching, encryption or login pages, and surfaced firm usernames and passwords being openly trafficked by malicious actors. The algorithmic engine calculated a risk score for each firm against not only their absolute performance, but also their performance relative to industry peers.
The Result
CyberClarity360 Express assessed the entire portfolio of approximately 60 IP firms in less than a week. Data volumes exchanged with each firm, represented by active matters, were cross-referenced against cyber risk exposure, enabling Express to identify firms as high, medium or low risk. Each risk group received a comprehensive action plan, prioritized against known cyber risks. Tailoring diligence efforts based on quantifiable cyber risk exposure empowered the client to gain buy-in from both internal and external stakeholders as they moved forward with their action plans.
The Kroll Difference
Built from the ground up to deliver an industry-leading combination of velocity, breadth and depth, Kroll CyberClarity360 Express enables clients to fully understand their third-party cyber supply chain risk. Backed by hundreds of cyber professionals, and frontline insight gained from thousands of cyber investigations per year, CyberClarity360 Express incorporates global regulatory standards and industry best practices into a software-enabled assessment platform. This software, in combination with managed services, supercharges the entirety of the third-party risk management lifecycle, including collection, validation, virtual or on-site audits, risk identification, remediation planning and ongoing monitoring.
Learn more about CyberClarity360 Express and the Kroll difference at kroll.com/cyberclarity