Risk management: The CMC hopes this increased understanding will spur the development of improved incident response planning.

Experts quizzed by CSO on CMC welcomed its launch.

Ivan Milenkovich, vice president of cyber risk technology in EMEA at Qualys, said data from the CMC has the potential to allow IT security professionals to make better risk assessments, but only providing it is used correctly.

“By introducing a standardised cyber event categorisation system, the CMC is addressing a critical gap: the lack of consistent, large-scale data to support cyber risk quantification (CRQ),” Milenkovich said. “This means security teams will finally have access to reliable, aggregated information that can inform risk assessments, threat modelling, and decision-making.”

By introducing standardised cyber event categorisation, the CMC is laying the foundation for a more structured and measurable approach to cyber risk. However, cyber risk professionals will still need to integrate the CMC’s risk assessments with their own internal data to factor in their organisation’s specific industry, infrastructure, and threat profile, according to Milenkovich.

“For many dealing with cyber risk and with cyber insurance and risk operations background and knowledge, this initiative could help bridge the gap between qualitative and quantitative risk management, making it easier to justify security investments with data-backed reasoning,” Milenkovich concluded. “However, success will depend on how well organisations leverage this information alongside their own internal risk frameworks.”

Other experts agreed that establishing a consistent standard to measure the severity of cyber incidents will bring clarity to what can be a complex process.

“Organisations will hopefully be enabled to provide a standardised method for assessing incidents, identifying patterns and vulnerabilities across their cyber landscape,” said Martin Greenfield, CEO of cyber monitoring firm Quod Orbis. “This not only improves real-time incident response but also strengthens proactive threat hunting and long-term resilience planning.”

Dr. Ilia Kolochenko, CEO at application security testing vendor ImmuniWeb and a fellow at the British Computer Society (BCS), described the CMC as a “very promising and long-awaited project” while urging caution about publicly sharing some of the cyber intelligence because it might inadvertently assist attackers.

“A growing number of state-backed hacking groups and professional cyber mercenaries are actively exploiting data from similar resources run by other governments and NGOs,” according to Kolochenko. “The bad guys happily explore and discover what their victims know about them to both better conceal their future intrusions and create novel attack vectors that are not yet on the radar.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3822449/uk-monitoring-group-to-classify-cyber-incidents-on-earthquake-like-scale.html