RIT provides customized cyber risk educational series to S&P Global Ratings

Rochester Institute of Technology cybersecurity experts recently worked with the credit analysts from S&P Global Ratings in an educational partnership aimed at better framing the impact that cyber risk plays on an organization’s creditworthiness.

Credit analysts from S&P Global Ratings, the world’s leading provider of independent credit ratings, participated in seven customized, immersive training sessions led by experts from RIT’s ESL Global Cybersecurity Institute (GCI). The interactive training combined theory with practice, allowing participants to gain real-world understanding of the current cybersecurity environment and contextualize the key issues in cyber risk today.

“When a company or government is hit with a cyber breach, there is very real potential for serious business, reputational, and financial losses,” said Sudeep Kesh, Deputy Head of Analytical Innovation at S&P Global Ratings. “We have been including cyber risk in our credit risk analysis for several years now and the RIT training further accelerated our knowledge as the importance of cyber risk management continues to evolve.”

Driven by the move to remote work and company data migration to the cloud, cyber risk escalated during the COVID-19 pandemic. In 2021, the FBI’s Internet Crime Complaint Center pointed to a 300 percent increase in reported cybercrimes during the pandemic, while the U.N. disarmament chief pointed to a 600 percent increase in malicious emails.

Kesh—a 2003 graduate of RIT’s management degree program—connected with the ESL Global Cybersecurity Institute about training for S&P Global Ratings. ESL GCI staff created custom sessions aimed at contextualizing key themes, addressing nuances of cyber risk faced by companies today and tailoring simulations specific to cyber awareness.

“Best practice in cyber risk analysis requires an examination of biases, information limitations, and assumptions,” said Justin Pelletier, director of the ESL GCI Cyber Range and Training Center, who taught several of the sessions. “S&P Global Ratings’ focus is on fundamental credit analysis.  Cybersecurity is one factor in determining an entity’s cyber preparedness and their recognition of this led them to reach out to our experts at RIT’s ESL GCI. Getting those outside experts to confirm core understanding and help create a common lexicon for their team is the hallmark of a world-class analytic effort.”

The sessions with the S&P Global Ratings team focused on:

• Cyber Security Fundamentals—discussing key terms, IAAA and access controls, and thinking of cybersecurity like physical security
• Incident Response—learning best practices for security incident event management (SIEM), forensics, and threat hunting to improve future security
• Governance, Risk, and Compliance—discussing risk prediction, models for cybersecurity investment, the principles of security by design, and data breach costs
• Business Continuity Management and Resilience—analyzing how contingency management programs mature and why they can fail
• Employee Awareness and Training—learning best practices for an organization
• Social Engineering—covering the use of deception to manipulate individuals into giving up confidential information
• Mitigating Bias – understanding how to recognize and resolve implicit business and financial bias

“At S&P Global Ratings, we constantly must account for implicit bias and avoid fallacies when conducting our day-to-day activities,” said Simon Ashworth, Chief Analytical Officer, Insurance Ratings, at S&P Global Ratings. “RIT’s seminar was an important exercise in specifically learning to call it out and raise our collective cognizance of it.”

The ESL GCI was formed in 2020, aimed at making RIT one of the best places in the world for cybersecurity education, training, and research. Experts at the ESL GCI offer industry training opportunities that generate the real world feel of responding to a cybersecurity crisis. Training is offered through the institute’s Cyber Range and Training Center, a virtual and physical lab that allows people to simulate network cyberattacks and problem-solving scenarios.

The institute has also conducted cyber training with Chase Construction, City of Rochester and Monroe County officials, and Security Risk Advisors. Different trainings can vary from several hours to multi-daylong sessions. To learn more about training sessions offered through RIT, go to the ESL GCI website.