Vancouver, BC, December 8, 2021 — To address the increasing security risk within the mining and metals industry supply chain, the Mining and Metals Information Sharing Analysis Center (MM-ISAC), Mirai Security and SecurityScorecard have developed a streamlined methodology that produces a cyber security risk rating for vendors to demonstrate how they’re doing from a security standpoint.
This supplier risk management assessment identifies the supplier’s risk management capabilities by assessing its governance and technical capabilities, as well as its risk and safety culture. The result of the assessment is a cyber security readiness rating that identifies high-level security and privacy facts. These facts provide security and threat risk assurance that organisations can use during the vendor screening and selection process.
“As the only group globally focused on cyber security in the mining and metals industry, I felt the MM-ISAC was well positioned to head this initiative,” said Rob Labbé, Chair of the MM-ISAC. “It will not only save companies time and money but also enable the centralization of data and easy updates to questions as new security risks become mainstream. And so, the MM-ISAC Cyber Security Readiness Rating was born.”
“Assessing vendor risk is arduous, inconsistent and creates friction between buyer and seller,” said Alex Dow, Chief Technology Officer, Mirai Security. “The MM-ISAC’s Cyber Security Readiness Rating solution has set out to centralize and simplify the process, improve accuracy through novel threat-based risk assessment methodology and, as a whole, raise the cyber security water level industry wide.”
The problem with risk assessments within the industry, according to Labbé, is that they are reliant on a lengthy and confusing questionnaire. Most companies have difficulty answering the questions — and even if the suppliers are able to articulate their security posture, many members of the ISAC lack the cyber security expertise required to interpret the results.
After a trip to the grocery store, Labbé came up with the idea of a nutrition label to help the industry understand its risk.
“I thought it would be nice if we could produce a cyber security readiness rating that looks similar to a nutrition label for the vendors so that those who want to use their services can see, at a quick glance, how they’re doing security wise.” Labbé added, “Mining companies have a responsibility to help vendors protect themselves, and we want to reduce the friction and pain for them.”
A new solution
This solution uses SecurityScorecard’s software platform to establish a security scorecard based on an external view of the vendor’s risk and security posture information. SecurityScorecard has the ability to continuously monitor and score the external cybersecurity posture of an organization (its scores have a statistically relevant correlation with breach risk) and to show the organization how to improve via actionable issue-level detail.
“Data is the most valuable, and personal, commodity in the increasingly more connected environment that we operate in,” said Alex Rich, VP of Marketplace Business Development, SecurityScorecard. “Companies who collect it and fail to protect it will suffer consequences, both monetary and reputation based.”
Our customized survey and questionnaire contain only questions that are relevant to each specific company. What sets the questionnaire apart is the acknowledgement that a “one-size-fits-all” assessment framework does not provide the risk management value that MM-ISAC members need. Mirai’s methodology recognizes that not all vendors bring the same level of risk to their clients, and the methodology focuses on assessing the risk based on a vendor persona.
Once the questionnaire is completed, the automated data from the platform is combined with data from the questionnaire and then meticulously reviewed by Mirai’s security team.
The result is a cyber security readiness rating that allows vendors to share their security posture with potential clients and use it as a marketing tool to differentiate themselves in the marketplace. After all, companies that boast a robust security posture can win business over competitors and also reduce revenue loss due to an interruption in production.
Mirai Security and MM-ISAC are planning to expand this groundbreaking vendor risk management solution to other industries and ISACs.
About the Metals and Mining ISAC
The Mining and Metals ISAC (MM-ISAC) is a non-profit, industry-owned corporation established to improve the cyber security of metals and mining companies. Its goal is to protect members against incidents that could impact safety, environmental sustainability, or operational productivity. This mission will be achieved by sharing threat and vulnerability information, managing industry contingency planning, and providing opportunities for training security staff and incident response teams.
Mirai Security is a collective of cyber security professionals who want to do cyber security consulting better. Our goal is to provide our clients with the right cyber security tools and strategies so they can achieve their goals and grow their business.
SecurityScorecard is an information security company that rates cybersecurity postures of corporate entities through completing scored analysis of cyber threat intelligence signals for the purposes of third-party management and IT risk management.