Cyber security experts from the Rochester Institute of Technology recently worked with credit analysts from S&P Global Ratings on an educational collaboration aimed at better understanding the impact of cyber risk on an organization's creditworthiness.
Credit analysts from S&P Global Ratings, the world's leading independent provider of credit ratings, participate in seven specialized intensive courses led by experts from the RIT Global Cyber Security Institute (GCI). The interactive training blends theory and practice, allowing participants to gain a true understanding of the current cybersecurity environment and contextualize the key issues surrounding cyber risk today.
"When a business or government experiences a cyber breach, the potential for business, financial and reputational loss is very real," said Sudeep Kish, vice president of analyst innovation at S&P Global Ratings. "We have been incorporating cyber risk into our credit risk analysis for several years, and our RIT training updates our knowledge as the importance of cyber risk management continues to grow."
Due to the shift to remote work and migration of business data to the cloud, cyber risks have increased dramatically during the COVID-19 pandemic. In 2021, the FBI Internet Crime Complaint Center reported a 300 percent increase in cybercrime during the pandemic, while the UN disarmament chief noted malicious emails 600 percent increase in emails.
A 2003 graduate of RIT's management degree program, Kish joined the ESL Global Cyber Security Institute S&P Global Ratings training courses. GCI's ESL staff have created dedicated sessions that focus on contextualizing key issues, discussing the nuances of cyber risks facing businesses today, and designing cyber awareness simulators.
"Best practices in cyber risk analysis require examining biases, data limitations, and assumptions," said Justin Pelletier, director of ESL's GCI Cyber Training and Learning Center, who taught many of the sessions. S&P Global Ratings focuses on core credit analysis. Cyber security is a determining factor in a company's cyber readiness, and their recognition of this has given access to our ESL GCI RIT experts. Having external experts to validate basic understanding and help build a common vocabulary for their teams is a hallmark of a world-class analytics effort.”
The S&P Global Ratings team sessions focused on:
- Cyber Security Basics – Covers the basics, IAAA, and access control and thinks of cyber security as physical security.
- Incident response. Learn best practices for security incident management (SIEM), forensics, and threat investigation to improve future security
- Governance, Risk, and Compliance: Discusses risk prediction, cybersecurity investment models, security by design, and the costs of data breaches.
- Business Continuity and Continuity Management: Discuss how emergency management plans mature and why they can fail
- Employee awareness and training: Learn about the organization's best practices
- Social Engineering – involves the use of deception to manipulate people into providing sensitive information.
- Bias Reduction: Understand how to recognize and address hidden business and financial biases.
"At S&P Global Ratings, we must always be mindful of implicit bias and avoid mistakes in our day-to-day operations," said Simon Ashworth, senior insurance ratings analyst at S&P Global Ratings. "The RIT seminar is an important exercise in remembering and learning specifically to raise our collective awareness of it."
ESL GCI was established in 2020 with the goal of making RIT one of the best places in the world for cybersecurity education, training, and research. ESL GCI professionals offer industry training opportunities that create real responses to cybersecurity crises. Training is provided through the Institute's Cyber Learning and Communication Center, a virtual and physical lab that allows individuals to simulate network cyberattacks and troubleshooting scenarios.
The agency also conducts online trainings with officials from Chase Construction, the City of Rochester and Monroe County, and safety risk consultants. The different exercises can range from a few hours to several sessions per day. Visit the GCI ESL website to learn more about the courses offered through RIT.