Oct 03Cybersecurity and Shared Responsibility
It’s October – and our thoughts turn to pumpkins, Halloween, and … cybersecurity?
October is National Cyber Security Awareness Month. Of course, every month is cybersecurity awareness month at ThreatMetrix™. (See our previous blog, “ThreatMetrix Finds Half-a-Billion Ways to Celebrate National Cyber Security Awareness Month as ‘The Network’ Reaches 500 Million Transactions-a-Month.”)
But the connection with Halloween is appropriate. In October, children dress in spooky disguises and threaten to “trick” you if you don’t provide a treat. Everyday online, people disguise their true identities to trick you out of money or data. The online world can be a dark and spooky place.
It’s been a frightening year in terms of cybersecurity, with an exponential growth in data breaches, increasing DDOS attacks against banks, new Trojans and nation-state actors. Did I mention NSA/Prism?
But I want to focus on this week’s cybersecurity theme: shared responsibility.
We’re All Responsible for Cybersecurity
We all depend on the Internet as a fundamental part of our daily lives, whether through paying bills online, connecting with friends on Facebook, shopping online, or simply browsing for movie times.
• According to Symantec, 24% of online adults can’t live without the internet and 41% say they “need the internet in their everyday life.”
• At the same time, 431 million adults experienced cybercrime in the past year with more than 1 million victims per day, or 14 per second.
We all have an interest in making the online environment safe. And the first step to increasing overall security is working together – collaborating for a more secure Internet.
What does shared responsibility mean in this context? Of course we all have an obligation to use good practices to protect our own data. That’s an essential first step – but not enough. To really make the online world a safer place, we need to actively work together by sharing information.
The Power of Shared Information
Many companies feel that security is a competitive advantage and treat security information as a private business asset. This approach is counterproductive – it works in the favor of the bad actors by disguising the patterns that can only be seen at scale.
At ThreatMetrix™, we see the enormous value of collecting, analyzing and sharing information on a global scale. When people and companies share threat information, they can expose bad actors, alert others to emerging threats, and help to raise the security profile of the Internet as a whole.
Across our global network of customers, we analyze more than 500 million events on an ongoing basis, cross-correlating anomalies and behavior across transactions from almost 2000 customers. Each of our customers shares their transaction information with the global network – and receives in return global insight and perspective into new potential threats.
We don’t just share a proprietary “risk rating” with each customer – instead, we also provide all of the rich data we used to reach our decisions. We make the raw data (anonymized to protect personal identities) available to our customers to support their ongoing security efforts.
For example, when a customer queries the ThreatMetrix™ Global Trust Intelligence Network (The Network) about a specific transaction, we analyze it and assign a risk score, based on the customer’s rules. If we find the person making the transaction is hiding behind a proxy, we also share the raw information about the proxy address, the real IP address, known history of that IP address, etc. The business can use this rich data to inform other fraud or security decisions.
Given the rapid change in online threats, we believe that sharing information on a global scale is the best chance legitimate businesses and consumers have for fighting the constant threats. If cybersecurity is a shared responsibility, then we all need to step up to that responsibility and stop treating security as something that any one company can control.