The Anthem security breach is a tipping point for all businesses and individuals that use the Internet to conduct their day-to-day business. The ramifications of more than 80 million personal identities in the hands of cybercriminals will result in the loss of untold millions of dollars to anyone and everyone that becomes a victim of this crime for many years to come.
Rather than dwell on the negatives of this event, let’s turn our attention to what good may come out of it.
Anthem’s misfortunes just might get the attention of senior management and boards of directors to recognize that cybersecurity is just as important to the enterprise as the operations of their customer-facing Internet applications themselves. Rather than putting their fingers in the dyke to patch up security holes after the damage has been done, maybe companies will recognize that protecting sensitive and critical data is equally important to their customers, and therefore to the enterprise itself, as the purchase of the products and services the company hopes customers buy in support of the business.
Businesses believe they exist on islands of commerce and all that matters are the attacks that are being directly targeted toward them. This misconception drives the decision to exclude the wealth of information that is collected through the use of global shared intelligence across the internet.
During a recent speech at Stanford University, President Obama discussed his executive order urging companies to join information-sharing hubs to exchange data about online threats. In other words, these hubs will create an environment of global shared intelligence for the purpose of stopping cybercrime using the shared information collected by all enterprises, whether the enterprises are in the same industry or not. What President Obama is asking all of us to do is to create a global “Neighborhood Watch Group” where every enterprise online participates in the protection of every other enterprise on the Internet.
The real consequences of the Anthem breach lie in the millions of stolen identities that will be used to defraud individuals across every aspect of their lives online. While most enterprises continue to focus on securing their internal networks, what is really required is broad adoption and use of secure, anonymized global shared intelligence that will identify what for and where those 80 million stolen identities are being used.
So then comes the critical question. Will enterprises simply add to their already ineffective methods of protecting critical data on the advice of vendors who are selling products designed to recognize intrusions only after the attack has occurred; or will they embrace the fact that today’s threats need to be stopped before the damage is done, outside of the firewall and on the Internet itself?
ThreatMetrix® and our customers believe that in order to protect enterprises from data breaches, a new approach is needed to differentiate between trusted users and cyber threats. At ThreatMetrix, we know that in cyberspace, our identities and personas are inextricably tied to the devices on which they are used, their security posture, their location, behavior and their associations built over time across the myriad of online services they use each day. In order to be me, you need to not only assume my identity and device at a point in time but for all time in order to replicate my digital fingerprint. Better yet, using a privacy-by-design approach, ThreatMetrix doesn’t need to know your name to know you’re not who you say you are. We are the first digital identity network that doesn’t just encrypt data, but also anonymizes data with a one-way filter so that personally identifiable information remains secure against both intentional and unintentional breaches.
ThreatMetrix is the leader in anonymized global shared intelligence to protect digital identities from being exploited. In real time ThreatMetrix protects more than 15,000 websites servicing more than 250 million consumer accounts who in turn execute tens of billions of transactions per year on a global basis. ThreatMetrix stops cybercrime, not customers, by using real-time identity, fraud and security analytics powered by the world’s largest trusted identity network. By creating an anonymized digital identity of consumers based on device, persona and behavior from every interaction (account origination, login and access, and purchase) and comparing it in real time to previous activities, ThreatMetrix enables enterprises to accurately identify good customers from cybercriminals – regardless of channel.
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.
ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.