To effectively manage cyber risk for external entities — such as third parties supplying critical services, equipment, and supply chain logistics — each entity must be continuously enumerated and evaluated against a dynamic set of vulnerabilities, and threat intelligence data streams, and then evaluated with variable impact assessments considering full context, historic exposure — anticipating future risk. Currently, many of the existing solutions rely on manual entity enumeration and focus on ‘point-in-time’ reporting that does not effectively scale to be able to monitor millions of entities. Cogility has developed a system and several component processes for automatically enumerating each entity’s infrastructure, cloud assets, technologies, related technologies, vulnerabilities, and system compromise signals for any given scope of entities. The proposed solution can be scaled to assess every commercial entity in the United States in a near real-time manner.
In October 2023, aerospace giant Boeing’s parts and distribution business suffered a severe cybersecurity breach. The infamous LockBit ransomware group claimed responsibility for the attack, alleging that they had exfiltrated a “tremendous amount” of sensitive data from Boeing’s systems.