Many of us know of at least someone, if not ourselves, who have experienced some form of identity theft -- hopefully nothing more than having your credit card cloned. But the fear that at any moment any of us could have someone take over and incur debt through fraud or other malfeasance is real. We lose sleep at night, we buy document shredders, we don’t share our personal information, we take precaution to protect our identity all in an effort to be proactive. We care about our credit scores because we understand the importance and implications if we don’t.
So how many companies share this same affinity for privacy hygiene in the workplace? For those who are CSO or whose job it is to prevent nefarious and evil doers from stealing customer data, financial data, proprietary information, or government secrets, this is the day to day routine. In a world where threats were black and white, solutions would be simple and mundane. Except they are not, and the economics of cybercrime favor the bad guys. Cybercrime is big business and if it was a single entity it would top the Fortune 50 list of companies. It is estimated that cybercriminals realized revenue in 2018 of over $1.5T. No longer is the threat limited to hacks and individual hackers, highly organized attackers, malware, phishing, espionage, or even nation-state activity. Now we have the dark web, an autonomous and anonymous online marketplace where wannabe hackers can buy stolen data and prewritten code and apps complete with ratings and guarantees of success. It’s now a business to help others commit cybercrime.
For those who experience some form of victimization, i.e. corporations, business, nations, banks, institutions who suffer a breach, they are left in a different posture. One that believes all too often the first step is hiding, secreting, covering up theft or infection is the best solution. In reality cybercrime has more in common with a health pandemic than a computer glitch. Cybercrime isn’t about computers; it’s about behavior, and how CSO’s react in 2019 and beyond means exposing the infection to the antiseptic of the light.
Industry needs an entirely new approach, one centered on the idea of changing economics and decreasing motivation. If experts follow the CDC and WHO model of sharing information in real time, democratizing threat intelligence data about who is infected, how the disease is spreading, with a goal to expose bad guy activities, disrupt the wave, stop it as it happens. One such company taking just that approach, through a platform that creates and stores cyber rating on a global level for companies in a positive effort to raise the bar for everyone. In a technology market where all ships can rise with thSecurityScorecardSorecard is blazing new ground. Their thought leadership, ability to dashboard information like security efficacy in a public way, alerts, transparency, dark web monitoring, attribution, and deep web intelligence is truly innovative. CSO, CEO, boards, and even partners can now collaborate through SecurityScorecard’s security rating platform and scoring methodology to address internal exposures and external threats. Technical demands like GDPR, HIPAA, cyber insurance, auditing, being able to address unknown attacks in real time, being cyber proactive, and even calculating risk across potential opportunities means increased ROI and decreased exposure. Having fewer vectors is a rising tide when meaningful data is available.