ThreatMetrix Outlines Strategies for Law Enforcement and Businesses to Collaborate to Combat Cybercrime

Posted on October 28th, 2014 by Dan Rampe

Andreas

In Conjunction with National Cyber Security Awareness Month, ThreatMetrix Presents Three Ways for Law Enforcement and Businesses to Bring Cybercriminals to Justice

San Jose, CA – October 28, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, announced today three methods for law enforcement and businesses to collaborate in the fight against cybercrime, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the fifth week’s theme examining the current state of cybercrime and law enforcement’s involvement.

The theme of NCSAM’s fifth and final week, “Cyber Crime and Law Enforcement,” examines the ever-growing number of cyber attacks on U.S. companies and stresses the importance of law enforcement and businesses of all sizes to join forces to identify cybercriminals and bring them to justice.

Unfortunately, cybercriminals are often virtually impossible to locate due to the use of stolen identities, compromised devices, and masked IP addresses. To heighten the problem, these criminals come from various backgrounds, and range from individuals to entire governments. Law enforcement agencies, businesses and individuals are fighting their own battles against cybercriminals, operating individually making them easy targets if they fail to collaborate on prevention efforts.

“While businesses have a responsibility to protect their customers’ privacy and data, they often lack the resources, knowledge, or both to do so,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “Law enforcement agencies also have difficulties protecting consumers, as they are constantly hampered by incomplete information and jurisdictional challenges. Therefore, both parties need to collaborate on a global level to assure the best resources are available to stop cybercriminals in their tracks.”

In recent years, law enforcement officials and business worldwide have increasingly realized the importance of working together to fight cybercrime. However, for this to momentum to continue, businesses need to take the following steps to help law enforcement bring cybercriminals to justice:

1. Share – “Cybercrime is the only crime that is truly international,” said Baumhof. In order to get ahead of the curve information sharing must exist at the business and the government level, while still protecting consumer privacy. Financial and retail industries have already starting to share threat information, but all industries can benefit from collaboration. Many businesses are afraid of sharing customer information with competitors, but through an anonymized global network, they can collaborate without losing a competitive edge.

The ThreatMetrix® Global Trust Intelligence Network anonymizes and encrypts data across 850 million monthly transactions to enable parties on the right side of the war against cybercriminals to identify threats and keep their organizations secure without providing any personally identifiable information.

2. Take – Individuals and businesses often do not understand that cybercriminals get away with their crimes because it is much more difficult to secure evidence than it is for physical crimes. In order for law enforcement to prosecute these criminals, businesses must have the capabilities to identify suspicious activity and provide a chain of evidence linked to the crimes. ThreatMetrix has the capabilities build such a chain of evidence and take away cybercriminals’ hiding places through its proxy piercing and device identification technologies, which are used to map online personals to the physical devices used in cybercrime attempts.

For example, ThreatMetrix aided the London Metropolitan Police eCrime Unit in arresting several individuals who were responsible for a large phishing attack in 2012. This was only possible through the collaboration between the law enforcement and business. In working with the London law enforcement, ThreatMetrix assisted in providing evidence that linked to the confiscated devices that contained accounts linking criminals to the phishing crimes.

“The data ThreatMetrix collected from the London phishing attacks helped support the capture and conviction of the cybercriminals,” said Baumhof. “This victory serves an ideas example of how a global network of anonymized trust intelligence can bring down illegal online operations – whether large or small – and ensure that cybercrime ring cannot commit further online fraud.”

3. Collaborate – Businesses, consumers and law enforcement working together is the only way to truly defeat cybercrime. Businesses should begin to build relationships with law enforcement officials as soon as they suspect illicit activities on their networks. Doing so enables law enforcement agencies to become better informed about the nature of the crime at hand. Regardless of the size of the crime, it is only a matter of time before that business’ weaknesses are further exposed. By sharing information with law enforcement, businesses are connected to a larger network of law enforcement agencies across borders and boundaries, which decreases the overall security threat of customer and business data being exposed.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The themes for this year included:

  • Week One – Promoting Online Safety with the Stop. Think. Connect.™ Campaign
  • Week Two – Secure Development of IT Products
  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix proudly supported each week’s theme through the end of the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

Three Ways to Change the Odds for Cybercriminals

Posted on October 28th, 2014 by Dan Rampe

Andreas

If I tried to rob a bank, I’d probably be caught, no matter how carefully I plan. Once caught, I would certainly face prosecution and probably be found guilty. The criminal justice system is good at handling this type of crime. I’ll stick with my day job.

The story is not the same for the cybercriminals that defraud businesses and consumers of billions of dollars each year. For many years, cybercrime gangs have been getting away with their crimes. We’re just starting to turn the corner on prosecuting online fraud and crime.

For this closing week of National Cyber Security Awareness Month, let’s look at the current state of law enforcement and cybercrime – and what businesses of all sizes can do to improve their odds.

It’s a lopsided battle

The fight against cybercrime doesn’t seem like a fair fight.

On one side are the many cybercriminals around the world. Unlike individual bank robbers, who may have a few accomplices in one physical location, cybercriminals collaborate globally. They share exploits and stolen identities, and operate behind networks of compromised devices and spoofed identities.

Arrayed against these criminals are individuals, government agencies and businesses of all sizes. Unlike the cybercriminals, they tend to operate individually and openly. When individuals make a credit card purchase at a local retailer or take a photo on a smart phone, they may not even see the online transactions happening behind the scenes. They’re often not aware of the risk.

Businesses have additional regulatory burden. They are accountable for protecting customer privacy and data, without always having the information necessary to do so. In the US, the Office for Foreign Access Control (OFAC) prohibits business transactions with embargoed or restricted entities. Cybercriminals are particularly good at hiding behind spoofed IP addresses and proxies, making it look like they are somewhere they’re not. Businesses must make decisions based on imperfect information.

Law enforcement agencies are hampered by incomplete information and jurisdictional challenges, as cybercrime is truly global crime.

The situation seems grim, but we can change the outcomes. In the past year, law enforcement groups worldwide have collaborated with each other and businesses to put cybercriminals behind bars. For this trend to continue, businesses should take the following three steps.

1. Share information with others in your industry.

To even the odds, we have to join forces with each other. The financial industry already shares threat information, and the retail industry is following with the National Retail Federations Information Sharing and Analysis Center (ISAC)

Businesses of all kinds can join a network like the ThreatMetrix Global Trust Intelligence Network to share anonymous information about your site visitors, logins, and transactions with other businesses worldwide.

2. Take away the online hiding places.

For successful law enforcement and prosecution, businesses must be able to identify cybercriminals and create a chain of evidence. ThreatMetrix can help with this step. Using proxy piercing and device identification technologies, we can map online personas to the physical devices used in cybercrimes.

In 2012, London’s Metropolitan Police Central eCrime Unit (PCeU) arrested individuals and confiscated laptops responsible for a large phishing attack. Working with its customers, ThreatMetrix provided evidence that linked the confiscated laptop with the accounts that performed the phishing exploits. This data contributed to a chain of evidence that supported the eventual conviction of the individuals on multiple counts of fraud and possession of criminal property. The phishing gang is off the streets for many years.

3. Collaborate with law enforcement

Sometimes the best way to protect your customers is to get the criminals off the streets altogether. To do this, you need to build relationships with law enforcement. Law enforcement agencies are becoming more informed and collaborating across boundaries, but they need the help of affected businesses to make any progress.

In 2013, StubHub (part of eBay) discovered that a global ring of criminals was taking over legitimate customer accounts to fraudulently buy and sell tickets. Rather than simply writing off the losses and making the customers whole, the company also set out to prosecute. StubHub collaborated with law enforcement authorities around the world to shut down the operation. This past summer, six people were indicted in New York in connection with the fraud.

If every business took these three steps now, when National Cybercrime Awareness Month rolls around next October, we might be sharing more stories of successful prosecutions and fewer stories of successful exploits.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

Three Things Small Businesses Can Learn from High Profile Data Breaches

Posted on October 21st, 2014 by Dan Rampe

Andreas Header

National Cyber Security Awareness Month started off with a bang this year – the news that a breach at JPMorgan Chase compromised accounts of 76 million households and 7 million small businesses. Leading up to National Cyber Security Awareness Month, another high profile data breach was disclosed – Home Depot confirmed that 56 million credit and debit cards were exposed in a recent breach in an attack on the company’s point of sale systems.

In line with this week’s National Cyber Security Awareness Month theme, “Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs,” I’m going to focus here on the special challenges of smaller businesses when it comes to cybersecurity.

If you’re running a small or mid-sized business, or if you are an entrepreneur starting a new venture, this breach holds three important lessons:

  1. As a small or mid-sized business, you are not immune from data breaches.
  2. Your customers may be among those 76 million households or 56 million cardholders with compromised identities – a fraudster is likely trying to do business with you using a stolen identity.
  3. Small businesses are at a disadvantage, with fewer resources to build defenses or ride out the impact of a breach. And as Byron Acohido of ThirdCertainty points out on his guest blog for ThreatMetrix, the legal banking protections are different for small businesses than consumers, resulting in a greater risk exposure.

Let’s look at each of these issues in turn.

Small businesses are in the cross hairs

There is no such thing as a business that’s too small for cybercriminals. Many cybercriminals target smaller businesses precisely because they lack the resources of larger companies to keep systems patched and spot fraudulent access.

One thing we regularly see is that because large institutions are better prepared to deal with cyberciminals, they turn to smaller organizations. I have seen dedicated malware configurations for credit unions as small as 500 members!

Further, how many businesses plan to remain under the radar? If you have a growing business or are a growth-hacking entrepreneur, you want to world to sit up and take notice of your business. You cannot possibly hide from the cybercriminals. In fact (and unfortunately), some businesses see their first cyber attack or breach as an early sign of business growth and recognition.

And even if you have low profile today, you may be collateral damage in breaches of the larger organizations that you do business with. This is the case for the JPMorgan Chase small business customers.

Stolen identities are a growing problem

The latest breach added millions of stolen identities to the ones already available on black markets. Every stolen identity is a risk factor for your business, as attackers may spoof identities of legitimate customers to do business with you.

Identity spoofing is already a big and growing problem for businesses. Businesses in the ThreatMetrix® Global Trust Intelligence Network frequently detect and deter identity spoofing attacks in logins, new account creation and transactions.

We expect the trend to accelerate, particularly for account creation. The adoption of “chip and pin” credit card technology in 2015 in the U.S. will drive credit card fraud into new channels. Because counterfeiting a card is difficult, criminals will turn their focus to online channels and to gaining credit cards using stolen identities. This was one of the lesson learned when Europe moved to “chip and pin” in 2012.

Smaller businesses have fewer resources

If a financial giant with advanced security measures like JPMorgan Chase cannot protect its customers’ data, how can small businesses do the job with fewer resources? You may not have teams of people dedicated to security, but surviving the damage caused by a data breach has the potential to seriously derail your growth. In addition, new, fast-growing businesses often prioritize business success and revenue while placing fraud prevention on the back burner – and this is a big mistake.

The only way for small and mid-sized businesses – or fast-growing startups – to level the playing field is to collaborate on security. Be part of something larger by sharing threat intelligence and information with other businesses, large and small, around the globe. By participating in a network like the ThreatMetrix Global Trust Intelligence Network, which analyzes and protects more than 850 million monthly transactions, you can build trust into your customer transactions and other activities by placing them in a broader, worldwide context.

The strategic business value of trust

Security may seem like a defensive tactic or cost of doing business, but building trust is strategic. If you want your business to grow, you need customers to trust in their interactions with you and to trust you with their data. And to expand confidently beyond geographic borders, you need to trust that you can do business with overseas entities securely. At ThreatMetrix, our goal is to make that kind of online trust a reality.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

ThreatMetrix Reveals Strategies for Small and Medium-Sized Businesses to Avoid Falling Victim to Data Breaches

Posted on October 21st, 2014 by Dan Rampe

Andreas Header Two

Continuing its Alignment with National Cyber Security Awareness Month, ThreatMetrix Draws on Recent Data Breaches to Outline Cyber Security Lessons for Small Businesses

San Jose, CA – October 21, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced several risks and preventative strategies for small and medium businesses (SMBs) protect against data breaches, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the fourth week’s theme of examining cybersecurity for SMBs in addition to entrepreneurs.

The theme of NCSAM’s fourth week is “Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs,” calling attention to the importance of cybersecurity measures for smaller businesses, as well as addressing the special challenges faced by these entities when it comes to cybersecurity. Recent high-profile breaches such as JPMorgan Chase and Home Depot – which have compromised millions of accounts and other sensitive information – make now a more important time than ever for SMB owners and entrepreneurs to educate themselves on cyber security. Several risks these businesses face, along with preventative strategies include:

No Business is Too Small

Cybercriminals will target any business, large or small, so long as there is a consistent flow of revenue. Since large companies often have more comprehensive cybercrime prevention strategies in place, cybercriminals often turn to smaller organizations instead. Rapidly-growing, small businesses also risk falling victim to cybercriminals as they increasingly gain recognition. As a result, some SMBs choose not to expand internationally because of the possible increased fraud risk and end up missing out on revenue opportunities.

“The unfortunate fact is that some small businesses see their first cyber attack or breach as an early sign of business growth and recognition,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “The focus for every small business is to grow as fast as possible. The mindset is ‘If I don’t sell anything, I don’t need a fraud solution, so let’s first sell and then figure out the fraud problems later.’ However, this is an ineffective way for businesses to treat their customers’ sensitive information, as these businesses will ultimately be targeted by cybercriminals.”

Stolen Identities Are a Growing Problem

The recent JPMorgan Chase, Home Depot and other breaches added millions of stolen identities to the millions already on black markets. The JPMorgan Chase breach alone compromised the accounts of 76 million households and seven million small businesses. These compromised accounts pose the risks of stolen credit card information, personal information sold on black markets and fraud ranging from account takeover to financial fraud to businesses of all sizes.

According to recent data from a ThreatMetrix Cybercrime Index™ Benchmark Report businesses in the ThreatMetrix® Global Trust Intelligence Network have reported frequently detecting and deterring identity spoofing attacks in logins, various transactions and account creation. ThreatMetrix expects this trend will accelerate over the next year as the U.S. adoption of “chip and signature” credit card technology in 2015 drives more fraud online.

Smaller Businesses Have Fewer Resources

Recent high-profile breaches of large enterprises draw attention to the fact that SMBs are at even higher risk with fewer resources available for cybercrime prevention. Not only do many of these organizations not have dedicated cyber security teams, but if for those who are breached, it is extremely difficult to recover from the damage to their business, as growth and profits are stunted post-data breach. Fast-growing SMBs often make the mistake of prioritizing business success and revenue over fraud prevention.

“Small and medium-sized businesses will always have fewer resources than large enterprises to protect themselves, so the focus needs to be on how all enterprises, small and large, can work together to level the playing field and combat fraud altogether,” said Baumhof. “Threat intelligence sharing through an anonymized global network benefits every business involved and helps to build trust on the Internet. It’s the responsibility of small and large businesses alike to collaborate against cybercriminals.”

In order for SMBs to get ahead of the curve on cybersecurity strategies, there needs to be collaboration and information sharing at the business and the government level, while protecting consumer privacy. The ThreatMetrix® Global Trust Intelligence Network anonymizes and encrypts data to enable businesses of all sizes to identify threats and keep their organizations secure without providing any personally identifiable information.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The remaining the upcoming theme is:

  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix will continue to support each week’s theme through the end of the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

Internet of Things – A Consumer Dream or Cybersecurity Nightmare?

Posted on October 14th, 2014 by Dan Rampe

Andreas

Don’t look now, but your life is more online and connected today than it was last year – and the trend is accelerating.

Late last year, we predicted that risks associated with the Internet of Things (IoT) and critical infrastructure would be two emerging cybercrime trends this year. (See our 2014 predictions blog.) These topics are the theme of this third week of the National Cyber Security Awareness Month, “Critical Infrastructure and the Internet of Things.”

IoT and Critical Infrastructure are two sides of the same coin

This year has seen a burst of innovation in the Internet of Things. Intel is getting into the wearable technology field, while the Consumer Electronics Show was filled with wearable devices such heart monitors, sensor-equipped golf gloves and networked pet collars. Other devices already on the market are gaining traction, from cars that email us when they need service to health monitors that publish our glucose levels. The possibilities are endless and so are the products that come to market quickly.

When it ships early next year, the Apple Watch will no doubt expand the wearable technology market beyond the earliest adopters to the broader Apple faithful.

Even if you’re not using these technologies, you are part of a connected world through the public infrastructure around you. Wireless cameras and embedded sensors permeate public facilities and transportation hubs. We all depend on power grids and water delivery systems (also known as critical infrastructure) that are controlled by networked devices. In the near future, drones may zoom around us on city streets.

The increasing connectivity of the world poses a growing cybersecurity threat that we are not securing well. For consumer technologies, personal privacy is often at risk. The public safety risks are higher for critical infrastructure.

All these devices are Internet enabled, but remember: they run software. They run the very same software that is being attacked on a daily bases for high risk applications such as online banking. The only difference is: they cannot be updated – and this has the potential to make these a lethal target.

Point of Sales Systems – The Canary in the Coal Mine
Lest you think I’m being alarmist, let’s consider one of the earliest entrants in the Internet of Things – Point of Sale (POS) systems. You see them everywhere – devices such as cash registers and credit card readers use POS to take payments at retail stores.

You would think that POS systems would be secure, for several reasons.

  • They’ve been around for a while, so we’ve had time to figure out how to make them safe.
  • They handle financial transactions, therefore we are extra motivated to keep theme secure.
  • They are locked down and run in dedicated networks

Yet POS exploits were responsible for two of the largest data breaches in the past year – the Target and the Home Depot breaches.

If we cannot manage to protect those network-attached devices that we know are targeted by thieves, how much better will we be at protecting the various technologies we’re embedding in our personal lives? Or the devices controlling critical infrastructure? Even our highway signs have been hacked. (See http://www.threatmetrix.com/a-sign-of-the-times-hacking-signs-electronic-road-sign-hackers-reveal-a-downside-to-the-internet-of-things/)

A roadmap to a more secure connected world

We can address these risks, but only with concerted and collaborative efforts. My recommendations for connected devices are as follows:

  1. Think twice about what goes on public networks. Network segmentation and isolation are critical, particularly for critical infrastructure.
  2. Strengthen authentication to these devices and the systems that manage them. Logins continue to be the weakest point in most systems. We’re reaching a point at which it is irresponsible to protect critical systems with passwords alone. Use multiple authentication factors or context-based authentication to reduce risk of stolen identities and unauthorized access.
  3. Look for anomalies at all levels, including patterns that represent known threats or never-before-seen patterns that may indicate an emerging threat.
  4. Provide a mechanism to securely update these devices. In order to do so, many of the previous points need to be considered.

To put these strategies in place, we must exchange and share threat information at both the business and government level. The federal government is committed to sharing information with the private sector related to critical infrastructure. (See Executive Order 13636)

For businesses that handle personal or consumer-based products, sharing information must be balanced with protecting consumer privacy. As the data collected about us from devices continues to grow, privacy will be more important than ever before. That’s why we’ve built data anonymization and encryption into the ThreatMetrix® Global Trust Intelligence Network.

As new technologies continue to reshape our future at a rapid pace, we have to act quickly to make sure that the future we’re building is secure and private, not dystopian.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

ThreatMetrix Announces Strategies to Combat Growing Threats to Critical Infrastructure and the Internet of Things

Posted on October 14th, 2014 by Dan Rampe

Andreas2

In Conjunction with National Cyber Security Awareness Month, ThreatMetrix Outlines Security Measures to Properly Secure Web-Connected Devices and Critical Infrastructure

San Jose, CA – October 14, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced strategies to combat security risks for the Internet of Things (IoT) and critical infrastructure, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the third week’s theme of examining potential security implications associated with critical infrastructure and the IoT.

The theme of NCSAM’s third week is “Critical Infrastructure and the Internet of Things,” calling out the risks faced by devices and critical utilities as they increasingly connect to the Internet. As devices ranging from watches and heart monitors to refrigerators, as well as critical utilities such as water and power, continue to connect online, our everyday lives are placed at an increased risk to of being compromised by fraudsters.

In the past year alone, innovations in wearable technology and other fields have included a burst in Internet-connected devices. From cars that can send email reminders when they need service to health monitors that publish heart rate and glucose level to online tracking tools, the inter-connected world is growing and not slowing down, creating significant risks for consumers’ privacy and cyber security.

However, the users of these new technologies are not the only ones affected by the increasing connectivity of the world. Public infrastructure is all connected online, from power grids to water delivery systems, all controlled by networked devices. This is critical infrastructure, and it opens the door to individual cybercriminals or nation states to wage a new form of online warfare if proper security measures are not immediately set in place.

“The rapid growth of the Internet of Things creates a new wealth of information for cybercriminals to compromise, from our everyday appliances to critical operations, allowing them to steal personal information and cripple resources,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “Apple will soon launch the Apple Watch, taking wearable tech from obscurity to the consumer forefront. It is becoming increasingly imperative that we ensure the information shared through these devices is secure as they will contain, collect, and track sensitive information about our personal physical lives, as well as elements tied directly to our financial being. In addition, point-of-sale system hacks have caused massive damage to major retailers over the past year, as we saw in the Target and Home Depot breaches, among others. Imagine what harm the mass distribution of health and critical infrastructure information can bring to the lives of millions.”

As the Internet of Things and online connectivity of our nation’s critical infrastructure shows no signs of slowing down, ThreatMetrix has outlined several security strategies to address some of the associated risks:

  • Network Segmentation and Isolation – Network segmentation or “zoning” is a popular practice in Internet security. Through network segmentation the possibility of limiting the risk of a data breach to your entire network maximizes. It also can help businesses determine what information to keep on public or private networks.
  • Account Authentication – Username and password authentication is the weakest point of entry for most businesses operating online, often making businesses an easy target for hackers. At this stage, it is irresponsible to protect any information stored online with passwords alone. The use of multiple authentication factors, such as context-based authentication and real-time fraud prevention can help reduce the risk of stolen user identities and fraudulent transactions without disrupting the user experience for authentic customers.
  • Tracking – Tracking data enables businesses across industries to differentiate between authentic and fraudulent transactions and other activity. By identifying anomalies such as hiding behind proxies and virtual private networks or change in shipping address through a global network of shared intelligence, businesses can recognize patterns that represent known threats or never-before-seen patterns that show a potential threat.
  • Secure Updates – It is important that Internet-connected devices are updated on a regular basis to stay one step ahead of cybercriminals as they become increasingly sophisticated.

For comprehensive cybersecurity strategies to be effective and protect Internet of Things devices as well as critical infrastructure, there needs to be collaboration and sharing of information at both the business and the government level, while protecting consumer privacy. The ThreatMetrix® Global Trust Intelligence Network anonymizes and encrypts data to enable businesses to identify threats and keep their business secure without providing any personally identifiable information.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The remaining upcoming themes include:

  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix will continue to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

Building a More Secure Smartphone

Posted on October 7th, 2014 by Dan Rampe

Data-Privacy-Day-Alisdair2

Like many others in Silicon Valley, I waited with bated breath to see what Apple’s iPhone 6 would look like last month. And it wasn’t just to see what my next phone might look like.

From my perspective at ThreatMetrix®, I was eager to see how the new phone handled data security and privacy issues while delivering groundbreaking new features. (For my thoughts on that subject, see the infographic iPhone 6 Cybersecurity Pros and Cons.)

I’m not the only one worrying about mobile devices and cybersecurity. The theme of this second week of the National Cyber Security Awareness Month is “Secure Development of Information Technology Products.” The Department of Homeland Security specifically calls out the need to build security into our phones, tablets and computers.

Why mobile matters: 3 trends to watch

At ThreatMetrix, we analyze anonymized data from across the ThreatMetrix® Global Trust Intelligence Network (The Network). According to data from a recent ThreatMetrix Cybercrime Index™ Benchmark Report, three major trends are emerging that have significant implications for overall cybersecurity.

  1. Mobile usage for online commerce and transactions is increasing. Nearly 50 percent of all new account creations originate from mobile devices, and 30 to 50 percent of all banking logins come from mobile, meaning consumers are entering a lot of sensitive information through potentially insecure mobile apps and sites. Companies and brands behind those sites need to ensure frictionless onboarding experience without sacrificing security.
  1. There is steady growth in the number of high-risk activities originating from mobile devices. The data shows steady growth in the number of high-risk activities detected from mobile devices across The Network. These include suspicious account creation or fraudulent payments, as well as an increase in malware. While devices need to be secure, consumers must also do their part in avoiding jailbreak phones, downloading suspicious apps, and not entering their information on insecure sites and apps.
  1. The number of advanced apps and features on mobile phones is growing. The most recent Apple release of the iPhone 6 arguably came with the largest number of groundbreaking features consumers have ever seen in a new generation iPhone, including Apple Pay, HealthKit and HomeKit. IT product developers are all competing to release the most innovative apps and features, and consumers are jumping at the chance to be first to try them. The more embedded mobile devices are in our lives, the more attractive they become as targets for malware writers and cybercriminals.

The law of unintended consequences

There are often unintended consequences of product design features, and frequently those are security flaws. For example, some of the photos leaked in the recent celebrity nude photo scandal were a result of iPhone photos automatically backing up into iCloud. Many of the people whose photos were leaked may not have even realized they were being stored somewhere else, and much less realized that they were only protected by a simple username/password combination, which has proven ineffective in the wake of recent high profile data breaches. Developers must consider all possible security issues when designing the newest IT products and mobile devices, and top of their mind should be the assumption that the user’s identity and account is the target, not just the device and its encrypted data.

There are few easy answers

If cybersecurity is a shared responsibility, then application developers have to shoulder their part of the burden. We can agree on a few guidelines:

  • Embed security into the design process and try to anticipate those unintended consequences of the newest features you’re adding. In terms of the iPhone 6, Apple has made progress on this front. For example, credit card details for Apple Pay are not stored on the device or in iCloud, so malware that intercepts traffic cannot get the credit card number.
  • Don’t rely on simple logins and passwords to protect customer information. Beyond simple, easy to hack username and password combinations, developers should consider other methods through contextual and behavioral methods to authenticate identities.
  • Developers cannot count on customers taking extra steps to secure their identities or transactions – particularly in the consumer market. Security must be frictionless and embedded at all layers of the information technology stack to keep consumers safe without damaging the user experience.

At ThreatMetrix, we collaborate with many businesses that build and support mobile apps for payments and other valuable transactions. We help them find ways to embed device context and communications into mobile apps to increase trustworthiness without adding barriers for customers.

The road ahead for developers is clear – security can no longer be an afterthought, but must be part of the design process. Beyond the development process, the security of an application resides not in the application itself, but in its context and usage. Improving cybersecurity requires collaboration on all fronts.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Outlines Mobile Trends and Strategies to Help Secure Development of IT Products, Continuing Alignment with National Cyber Security Awareness Month

Posted on October 7th, 2014 by Dan Rampe

Data-Privacy-Day-Alisdair-Normal

As the Annual Initiative Continues, ThreatMetrix Shows its Commitment to Building Trust by Outlining Trends in IT Mobile Security

San Jose, CA – October 7, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced trends and strategies for developing secure IT products, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the second week’s theme of developing secure devices.

The theme of NCSAM’s second week is “Secure Development of IT Products,” specifically calling out the need for more secure smartphones, tablets and computers. As new feature-rich IT products continue to enter the market at a rapid pace, data security and privacy are a growing concern for both businesses and consumers.

“Last month, consumers around the world stopped what they were doing to watch Apple’s announcement of the new iPhone 6 features,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Many were interested to see how the new phone handled data security and privacy issues given the celebrity iCloud password hacking incident. The good news is that more sensitive data such as photos and text are now being encrypted on the device, the bad news is that hackers are increasingly targeting user identities and passwords that can be used to decrypt that data because the weakest link is always the consumer.”

To provide evidence that IT products, specifically mobile devices, need to be created with security in mind, ThreatMetrix analyzed the anonymized data across 850 million monthly transactions in the ThreatMetrix® Global Trust Intelligence Network (The Network) to identify current trends in mobile. According to data from a recent ThreatMetrix Cybercrime Index™ Benchmark Report, three major trends are emerging that have significant implications for overall cybersecurity:

  1. Mobile usage for online commerce and transactions is increasing. Nearly 50 percent of all new account creations originate from mobile devices, and 30 to 50 percent of all banking logins come from mobile, meaning consumers are entering a lot of sensitive information through potentially insecure mobile apps and sites. Companies and brands behind those sites need to ensure frictionless onboarding experience without sacrificing security.
  1. There is steady growth in the number of high-risk activities originating from mobile devices. The data shows steady growth in the number of high-risk activities detected from mobile devices across The Network. These include suspicious account creation or fraudulent payments, as well as an increase in malware. While devices need to be secure, consumers must also do their part in avoiding jailbreak phones, downloading suspicious apps, and not entering their information on insecure sites and apps.
  1. The number of advanced apps and features on mobile phones is growing. The most recent Apple release of the iPhone 6 arguably came with the largest number of groundbreaking features consumers have ever seen in a new generation iPhone, including Apple Pay, HealthKit and HomeKit. IT product developers are all competing to release the most innovative apps and features, and consumers are jumping at the chance to be first to try them. The more embedded mobile devices are in our lives, the more attractive they become as targets for malware writers and cybercriminals.

“There are often unintended consequences of product design features, and frequently those are security flaws,” said Faulkner. “For example, some of the photos leaked in the recent celebrity nude photo scandal were a result of iPhone photos automatically backing up into iCloud. Many of the people whose photos were leaked may not have even realized they were being stored somewhere else, and much less realized that they were only protected by a simple username/password combination, which has proven ineffective in the wake of recent high profile data breaches. Developers must consider all possible security issues when designing the newest IT products and mobile devices, and top of their mind should be the assumption that the user’s identity and account is the target, not just the device and its encrypted data.”

To help IT product and application developers shoulder the burden of protecting their customers from cybersecurity, ThreatMetrix has outlined a few guidelines for them:

  • Embed security into the design process and try to anticipate those unintended consequences of the newest features you’re adding. In terms of the iPhone 6, Apple has made progress on this front. For example, credit card details for Apple Pay are not stored on the device or in iCloud, so malware that intercepts traffic cannot get the credit card number.
  • Don’t rely on simple logins and passwords to protect customer information. Beyond simple, easy to hack username and password combinations, developers should consider other methods through contextual and behavioral methods to authenticate identities.
  • Developers cannot count on customers taking extra steps to secure their identities or transactions – particularly in the consumer market. Security must be frictionless and embedded at all layers of the information technology stack to keep consumers safe without damaging the user experience.

“Security can no longer be an afterthought, but instead an important part of the design and user experience process,” said Faulkner. “Good security, when done right, is good for business. While consumers must educate themselves on the security implications of their behavior online, specifically through mobile, businesses should be doing all that they can to protect those consumers from the back end.”

ThreatMetrix’s TrustDefender™ Cybercrime Protection Platform helps many businesses that build and support mobile apps for valuable transactions to embed device context and communications into those apps. This helps to build trust without increasing barriers for the customer.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The remaining the upcoming themes include:

  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix will continue to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

ThreatMetrix Announces its ThreatMetrix Global Trust Intelligence Network Has Reached 850 Million Monthly Transactions

Posted on September 30th, 2014 by Dan Rampe

Data-Privacy-Day-Reed

In Conjunction with National Cyber Security Awareness Month, ThreatMetrix Announces the Network’s Growth, Exemplifying this Year’s Theme of Shared Responsibility

San Jose, CA – September 30, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the growth of the ThreatMetrix® Global Trust Intelligence Network (The Network), which has recently surpassed 850 million monthly transactions. Additionally, The Network now protects more than 210 million active user accounts across 3,000 customers and 15,000 websites. This milestone validates ThreatMetrix’s commitment to this year’s National Cyber Security Awareness Month theme, “Our Shared Responsibility.”

National Cyber Security Awareness Month (NCSAM) is a program sponsored every October by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. Now in its eleventh year, NCSAM has grown to include the participation of a multitude of industry leaders — reaching consumers, small and medium-size businesses, corporations, educational institutions and young people.

The theme of NCSAM’s first week is “Promoting Online Safety with the Stop.Think.Connect.™ Campaign.” The theory behind the campaign is that each individual that participates in online activities needs to take accountability for the safety of the Internet.

“As the ThreatMetrix Network continues to grow, so does our customers’ shared view of cybercrime enabling them to protect their businesses and valued customers by accurately identifying both good and bad online users,” said Reed Taussig, CEO at ThreatMetrix. “The Internet is a fundamental part of all of our everyday lives. We all have an interest and a responsibility to make sure we keep cyber markets and services safe and trusted by consumers. National Cyber Security Awareness Month is the perfect opportunity to educate individuals and businesses on the importance of collaborating for a more secure Internet.”

While businesses must do their part to collaborate on cybercrime prevention by leveraging a collective repository of data such as The Network, the federal government is also doing its part to encourage global information sharing. President Obama’s Executive Order 13636 stresses federal accountability for sharing information with the private sector to protect critical infrastructure such as power plants, communication networks and transportation networks.

Many individuals believe the websites they use are doing their part to protect their privacy while keeping those sites secure. However, for that to happen, businesses need to share a certain amount of customer data across business boundaries. Unfortunately, while information sharing for security purposes in some industries such as financial services is common practice, in industries like retail, businesses are wary of sharing customer information with competitors and others. To effectively collaborate, there needs to be a certain level of trust between businesses and competitors as well as businesses and their customers.

“At ThreatMetrix, we’re aiming to solve the dilemma of building trust on the Internet through information sharing when many businesses are reluctant to do so,” said Taussig. “Through The Network, businesses can securely share information about devices and personas connecting to their sites, without sharing any personally-identifiable information about customers or visitors. ThreatMetrix anonymizes and encrypts information in The Network, so personal identities are never revealed to other organizations.”

The approach ThreatMetrix is taking offers a model for cybersecurity collaboration in all industries. Through anonymization and collaboration, businesses remove the risk of exposing their customers’ sensitive information while protecting this information from cybercriminals.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security has outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. These themes include:

  • Week One – Promoting Online Safety with the Stop. Think. Connect.™ Campaign
  • Week Two – Secure Development of IT Products
  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix plans to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

ThreatMetrix Kicks off National Cyber Security Awareness Month by Announcing “The Network” Has Reached 850 Million Monthly Transactions

Posted on September 30th, 2014 by Dan Rampe

Data-Privacy-Day-Reed

To make significant progress against cybercrime, we’re all going to have to work together – individuals, businesses and government agencies alike. Security in this connected world requires collaboration, and collaboration requires trust.

Shared responsibility is the theme of this year’s National Cyber Security Awareness Month, a program sponsored every October by the Department of Homeland Security. To commemorate the start of National Cyber Security Awareness Month, we are thrilled to share that the ThreatMetrix® Global Trust Intelligence Network (The Network) has reached 850 million monthly transactions and now protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

While businesses must do their part to collaborate on cybercrime prevention by leveraging a collective repository of data such as The Network, the federal government is also doing its part to encourage global information sharing. President Obama’s Executive Order 13636 stresses federal accountability for sharing information with the private sector to protect critical infrastructure such as power plants, communication networks and transportation networks.

Why aren’t we doing more already?

Each of us needs to take accountability for what we do online – that’s the theme of the Stop.Think.Connect.™ campaign. But as individuals, we are greatly outmatched by size, volume and sophisticated of the cybercrime forces arrayed against us. We also trust that the websites we use are doing the right things to protect our privacy.

In a networked world, businesses need up-to-date, global information about online threats and identities to keep customer data secure. For that to happen, legitimate businesses must share data across business boundaries. But collaborating with your competitors, even for the public good, is a difficult idea in many industries.

In the financial services industry, information sharing for security purposes is an accepted practice. But in the retail environment, businesses are wary about sharing customer information with competitors and others. And of course they need to protect customer privacy.

Effective collaboration requires a degree of trust – and that’s the sticking point.

It all comes down to trust

Doing business online requires a level of trust.

  • Customers trust that businesses will protect their information and use it responsibly.
  • Businesses must trust that customers are legitimate.

Cybercrime eats away at this trust. And, sadly, lack of trust has been the Achilles’ heel of industry collaboration.

Building trust through anonymization and collaboration

Without a broad global context for the people, devices and personas creating accounts, making transactions, or logging into sensitive systems in your network, you cannot trust they are who they claim to be. To get that context, businesses have to share information with many other sites around the world.

Trust requires information sharing, yet information sharing requires trust.

At ThreatMetrix, we’re working to solve this essential dilemma. Through The Network, businesses can securely share information about devices and personas connecting to their sites, without sharing any personally-identifiable information about customers or visitors. ThreatMetrix anonymizes and encrypts information in the network, so personal identities are never revealed to other organizations.

This approach offers a pattern for other cybersecurity collaboration efforts. We need to find ways to increase information sharing around online security and global identities, and the best way to do this is to remove the risk of exposing information we need to keep private.

The more we share information about global threats, the better we can protect legitimate business and build online communities that are truly worthy of trust.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security has outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. These themes include:

  • Week One – Promoting Online Safety with the Stop. Think. Connect.™ Campaign
  • Week Two – Secure Development of IT Products
  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix plans to support each week’s theme throughout the month. And, to commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.