The following is an excerpt from our brand new Mitigating Collaboration Risk Workbook. To learn how to build actionable plans to mitigate risk when you collaborate, download here!
Check out our other ebook excerpts below:
- 9 Critical Information Risks in Collaboration Platforms
The likelihood of a risk becoming an actual event is the first of two critical questions to ask about each risk. Some risks are highly likely to occur given the new culture of teamwork and sharing taking root across the world.
Without the appropriate mitigations in place, risks with near certainty of happening include personal or sensitive data being shared with unauthorized people, phishing and spear-phishing messages being clicked leading to credential theft, and new cloud collaboration services being used by employees without appropriate oversight by corporate IT.
Other risks have a lower likelihood of occurrence, such as a successful ransomware attack that encrypts all data sources in the organization.
Tools for developing a sense of the likelihood of being impacted by each risk include:
- Market research on general cross-industry trends and incidents, such as the general rate of phishing attacks on organizations of all kinds.
- Industry-specific research on risk rates for your industry. For example, we know that the government, healthcare, and education sectors are heavily attacked by external threat actors.
- The number of shadow IT services being used among employees instead of corporate sanctioned services. The greater the number of services used the higher the likelihood of breach
- Current mitigations that your organization already has in place, such as Advanced Threat Protection services in Office 365 or from another vendor to reduce the likelihood of compromise through malicious attachments and links
- The number of third-party business partners who have trusted relationships with your organization, and the risk maturity for each one. Low-risk maturity scores from many partners will increase the likelihood of a risk being triggered
- The correlation between internal employee satisfaction survey scores and the departure of disgruntled employees to competitor firms. If there’s a pattern, such employees may be creating ways of stealing corporate information
For the purposes of this eBook, we advocate using the following scale for likelihood:
Learn how to calculate the severity of data risk and prioritize mitigations in the full workbook!