Crossword have been working with Professor David Stupples and his team at the Centre for Cyber and Security Sciences at City University, London on the subject of Cyber Security Risk Assessment for over 18 Months.
The Direct Attack Path Analysis (DAPA) algorithm created by City was incorporated into the Rizikon cyber risk assessment and advisory product.
The method looks at all the paths by which an attacker might try to cause a breach in the organisation's system. This can be done by directly attacking from outside the perimeter of the system or by trying to have some form of malware transported into the system by a carrier (known as a mule). The mule can be knowingly maliciously attacking the system (such as in the case of a bribed employee or someone carrying a grudge), or unwittingly transporting the malware (if it is hidden or disguised as legitimate software on some device).
The research breaks down these paths of attack into 'Attack Vectors' and model each one based on the information gathered about the target organisation. It is used to provide an overall probability of successful attack and the most likely means by which it could be executed.
In addition, Rizikon also provides the organisation with advice and guidance on how to improve defences and reduce overall business risk.