Breach of Crown Jewel Web App (PII) by an External Actor Overview


Scenario at a Glance

  • Threat: External Malicious Actor
  • Asset: Crown Jewel Web App (PII)
  • Effect: Confidentiality
  • Method: Code Exploitation

Overview

The purpose of this analysis is to quantify the risk associated with an external actor breaching the confidentiality of PII in a crown jewel web application via code exploitation. This content pack includes the analysis because of the prevalence and ease with which a threat actor can breach a web application. According to the 2020 Data Breach Investigations Report (DBIR), the percentage of breaches originating from a web application attack has doubled since 2019, with over 90% of breaches originating from this method in 2020.

Key FAIR Components

  • Threat Event Frequency (TEF): The number of times per year that an external malicious actor will attempt to exfiltrate PII from a crown jewel web application
  • Vulnerability: The probability that an external malicious actor attempting to exfiltrate PII from a crown jewel web application will be successful

Data Sources

The RiskLens Starter content pack comes prepopulated in the RiskLens platform with data, risk scenarios, and other content. Each risk scenario is fully populated with expert-estimated ranges and draws on RiskLens’ experience, third-party content, and the data helpers available in the Starter content pack in the catalog. All relevant data sources and assumptions are documented in the accompanying rationale so you can be confident in the results.

The third-party sources referenced for this scenario include:

Starter Content Pack Resources

This scenario uses estimates sourced from various data helpers for both frequency and magnitude workshop questions. When applicable, the data helper and tier used are documented in the rationale. These data helpers are available via the Starter content pack in the catalog.

The Starter content pack data helpers used in this scenario include:

  • Web Application Code Exploit Attempts, per Year
  • Web Application Code Exploit Attack Susceptibility
  • Incident Management Efforts, in Hours
  • Loaded Hourly Employee Wage
  • Data Access/Disclosure – Probability of Secondary Loss Occurring (Guided)
  • Percentage of Suspicious Activity Logged
  • Percentage of Logged Suspicious Activity Recognized

You’re encouraged to add these data helpers to your library to review the additional tier options and select the option best aligned with your organization. You can find additional information about this scenario’s modeling and estimation within the workshop.
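As an added illustration of how the Key FAIR Components and the data helpers listed above fit together (this is example code written for this article, not RiskLens platform code), the Python sketch below combines TEF and Vulnerability into loss event frequency and prices each loss event from incident hours, loaded wage, and a secondary-loss probability. Every range is a constructed placeholder, not a content-pack tier value, and the secondary-loss magnitude range is an assumption not named on the page.

```python
import math
import random
import statistics

# Constructed placeholder ranges (min, most likely, max); NOT content-pack values.
TEF_RANGE = (2.0, 12.0, 40.0)           # Web App Code Exploit Attempts, per Year
VULN_RANGE = (0.02, 0.10, 0.30)         # Web App Code Exploit Attack Susceptibility
IR_HOURS_RANGE = (40.0, 200.0, 800.0)   # Incident Management Efforts, in Hours
WAGE_RANGE = (60.0, 95.0, 150.0)        # Loaded Hourly Employee Wage
P_SECONDARY = 0.6                       # Probability of Secondary Loss Occurring
SECONDARY_LOSS_RANGE = (50_000.0, 250_000.0, 2_000_000.0)  # assumed magnitude

def draw(rng, triple):
    """Sample a (min, mode, max) range with a triangular distribution."""
    lo, mode, hi = triple
    return rng.triangular(lo, hi, mode)

def loss_event_frequency(tef, vulnerability):
    """FAIR: LEF = TEF x Vulnerability, in loss events per year."""
    return tef * vulnerability

def poisson(rng, lam):
    """Knuth's method: number of loss events in a year given rate lam."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def simulate(trials=10_000, seed=1):
    """Monte Carlo annual loss exposure; returns mean and P10/P50/P90."""
    rng = random.Random(seed)
    annual_losses = []
    for _ in range(trials):
        lef = loss_event_frequency(draw(rng, TEF_RANGE), draw(rng, VULN_RANGE))
        total = 0.0
        for _ in range(poisson(rng, lef)):
            # Primary loss: incident response effort priced at the loaded wage.
            total += draw(rng, IR_HOURS_RANGE) * draw(rng, WAGE_RANGE)
            # Secondary loss (fines, notification, etc.) occurs only sometimes.
            if rng.random() < P_SECONDARY:
                total += draw(rng, SECONDARY_LOSS_RANGE)
        annual_losses.append(total)
    deciles = statistics.quantiles(annual_losses, n=10)
    return {"mean": statistics.fmean(annual_losses),
            "p10": deciles[0], "p50": deciles[4], "p90": deciles[8]}
```

Calling `simulate()` returns the loss exposure summary; replace the placeholder ranges with the tier values you select from the data helpers.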

Starter Content Pack Purpose and Guidance

The RiskLens Starter content pack enables efficient analysis of some of the most important and common risk scenarios, modeled using FAIR and RiskLens leading practices. The scenarios in this content pack are designed to provide structure and guidance for future analysis work while also quantifying some of the most frequently analyzed scenarios in the RiskLens platform.
