New CompTIA ISAO Benefit: Cybersecurity Grades Now Available – and How to Improve
According to the CompTIA Cyber Risk Rating, more than 31% of CompTIA ISAO members have received an A grade for cybersecurity prowess, a measure of their resilience to hacking, ransomware, and other cyber-attacks. That is up from 19% two months ago. The CompTIA ISAO announced a partnership with SecurityScorecard in October to create the CompTIA ISAO’s Cyber Risk Rating. It was made available as a member benefit to all CompTIA ISAO members.
SecurityScorecard’s CompTIA ISAO Cyber Rating provides an outside-in view of an organization’s cybersecurity posture. It aggregates data from 10 risk factors to determine an A to F letter grade and a score of 1 to 100. The rating also includes detailed analysis of the areas where you can take corrective and preventive actions to improve your score.
SecurityScorecard’s transparent, trusted ratings methodology is used to grade the organization. This data has been collected from millions of organizations around the world and includes data on:
Network Security: Checks for high-risk or insecure open ports in your network
DNS Health: Measures the domains you have registered and verifies that there are no malicious events in your DNS history
Patching Cadence: Monitors the speed at which patches are applied to your network
Endpoint Security: Tracks metadata related to operating systems and web browsers.
IP Reputation: Measures malware exposure based upon OSINT and third party threat feeds
Application Security: Monitors exploitable conditions based upon threat intelligence, CVE and Blackhat database
Cubit Score: This score is based on threat intelligence, flagged addresses and other security indicators.
Hacker Chatter: Analyses underground hacker chatter
Information Leak: Looks for compromised credentials being circulated via the dark web and other nefarious channels.
Social Engineering: Determines your vulnerability to social engineering attacks.
The service also provides deep analysis of any vulnerabilities discovered. The Cyber Risk Rating is based on the same methodology as that used by the CompTIA ISAO cyber analysts. It provides a clear understanding of a risk and the available mitigations. Actionable steps can help improve your organization’s score. You can even create a custom plan to achieve the score you desire for your company.
Are you on the Cybersecurity Honor Roll?
The average score of all organizations initially monitored by CompTIA was 81, or a B, when the CompTIA Cyber Risk Rating was launched in October. Only 19% of organizations had an A. Two months later, we monitor 150 more organizations and the average has risen to 82. Better still, 31% have earned an A grade. There is still much to be done, but we are seeing steady improvements over time in our members’ scores.
CompTIA ISAO also tracks MSP vendors and publishes the MSP Supply Chain Cyber-Risk Rating. This rating categorizes vendors by technology (e.g., backup vendors, RMM vendors, etc.) and shows the average rating per technology category. This gives CompTIA ISAO members the opportunity to ask their vendor partners about their Cyber Risk Rating score and compare it to the average. Although we don’t call out specific vendors, we believe that this tracking of the MSP supply chain will give MSPs more transparency and confidence about how their vendor partners are handling their cybersecurity posture.
CompTIA ISAO members also have access to the Cyber Risk Rating. They have direct access to SecurityScorecard’s customer success team, access to summary and detailed reports to share with prospects, customers, and business partners, as well as the ability to monitor up to 24 of their customers. All of this is included in CompTIA ISAO member benefits. We are excited about this partnership and the tools it provides to members to improve, measure, and report on cybersecurity, as well as to monitor their own health and the health of their supply chain. It’s a win-win situation for everyone.
MJ Shoer, Senior Vice President at CompTIA, is Executive Director of CompTIA ISAO.
Learn more about the CompTIA ISAO or Cybersecurity Community to join the cybersecurity conversation.