All posts by Doug Clare

Fraud & Security 5 Reasons Cyber Scoring Is the Next Big Idea for Credit Unions

Cybersecurity posture score dial

The greatest risk to credit unions and CUSOs today is the loss of your members’ trust and financial safety. Can your institution survive a cyber breach? Understanding your cyber risk is a critical part of protecting yourself and your members. That’s why we launched the FICO® Enterprise Security Score last year. And now, our cyber score has been selected as one of 5 big ideas to be presented at the National Association of Credit Union Service Organizations (NACUSO) 2017 Network Conference “Next Big Idea Competition.” Why is cyber scoring the next big idea for credit unions? Fraud/cybersecurity is the top priority for credit union CEOs and, by extension, CUSOs. Today’s breach risk measurements are inadequate and inaccurate. They’re manual rather than scalable, judgmental rather than empirical, point-in-time rather than predictive. ESS is rapidly deployed. You don’t install software, you just throw a switch. ESS is multi-tenant, so CUSOs can rapidly... [Read More]

Leave a comment

Fraud & Security Hackers vs. Dracula: Biometrics Are No Silver Bullet

Bela Lugosi as Dracula

I’m not a big fan of vampire movies—I’d pick Blackhat over Abraham Lincoln: Vampire Hunter any night of the week—but there are a lot of similarities between hackers and vampires. First, they’re afraid of the light. What hacker wants his true identity to be revealed? Second, they suck the blood out of their victims. Whether stealing data or demanding payment for ransomware, “bloodsucking” is one of the kinder adjectives used to describe cyber criminals. However, even though vampires are theoretically immortal, vanquishing them is pretty straightforward; any True Blood fan can tell you that a wooden dagger or silver bullet will do the trick. It’s not quite so easy to stop hackers in their tracks.  Encryption can be effective …  … but it’s not a stake through the heart of hacking. Data encryption is a highly effective defense against hackers, particularly in achieving HIPAA compliance to protect Protected Health Information... [Read More]

Leave a comment

Fraud & Security Report from RSA: Bangers, Mash, Security and OpportUNITY


The RSA Conference has descended upon San Francisco’s Moscone Center, bigger and more energizing than ever. With security an agenda-topping concern of many CIOs in 2017, the fervor to fight cybercrime is at an all-time high. While there was a wide range of top-of-mind topics being discussed, two topics in particular continued to show growing interest – artificial intelligence and cyber insurance. More on that in a minute. The theme of this year’s RSA Conference was “The power of opportUNITY,” and we had plenty of opportunities in San Francisco to showcase FICO’s unity with security professionals and industry influencers on similar missions. Two of these events took place in informal settings designed to encourage networking and dialogue: The Cyber+IoT Bangers and Mash Roundtable Breakfast, held on Tuesday morning in conjunction with the San Diego industry organization CyberTECH. This panel session focused on “Securing the Smart City” and featured guests such... [Read More]

1 Comment

Fraud & Security What Does Your Wearable Tech Tell a Cybercriminal?

Runners with wearable tech

The short answer: potentially a lot more than you intend. Let’s say you take a walk or run early every morning, on the same route in your favorite park, before the sun comes up. Your fitness wearable times your run, tracks your progress, and calculates your distance based on location, which is great—until that information, stolen during a data breach, ends up in the hands of a cyber stalker. Now, all of a sudden, you’ve unwittingly been put in a very vulnerable place. It’s true, this type of theorizing can be a little macabre. So are the ethics of self-driving cars, and many other aspects of the new world of artificial intelligence we now inhabit. The reality is, every category of technology carries inherent risks, and as people become more connected with technology in every aspect of their lives, we must be cognizant of those risks. New technology creates new... [Read More]

Leave a comment

Fraud & Security 5 Cyber Predictions for 2017: Will Your Fingerprints Get Hacked?


In the world of cybersecurity, 2016 was a banner year – and not in a good way. From the Bank of Bangladesh/SWIFT heist in February to the Dyn DDoS attack a few weeks ago, the year’s wild attacks have one thing in common: They were proof that hacker innovation is on a growth trajectory. That’s the bad news. The good news is that businesses and consumers are also much more aware of cyber threats than they were 12 months ago, and that’s the jumping off point of my cybersecurity predictions for 2017. 1. Consumers will care a lot more about the security of the companies they do business with. With hackers hitting organizations from the Internal Revenue Service to the University of California, Berkeley in 2016, consumers are more anxious than ever about the downstream financial crime that follows data breaches. In 2017, consumer demand will emerge around wanting to... [Read More]

Leave a comment

Fraud & Security Cyber Risk Transparency Is Good for Insurance – and Business

Cyber risk score gauge

“What gets measured gets managed,” might be the oldest saw in the business universe. But in my mind, it is closely followed by another: “What gets measured gets monetized.” And that is exactly what is happening today in the booming, yet very-brand-new market for enterprise cyber breach insurance. Specifically, I believe that the new FICO® Enterprise Security Score (ESS), a metric that quantifies the vulnerability of an organization to cyber attack, will dramatically catalyze the growth of the cyber breach insurance market. ESS can be used by an enterprise to understand its cyber risk and shore up defense gaps. It is also an important assessment tool for third parties such as potential business partners and, notably, cyber insurance providers. With its quantitative, empirically derived analytics, FICO ESS will drive objective risk measurement, transparency and predictability into both breach insurance underwriting and longer-term portfolio management––essential requirements in monetizing the rapidly evolving market... [Read More]

Leave a comment

Fraud & Security What’s Your Organization’s Cyber Score?

Meter for cybersecurity risk

What if there were clear measure that told you how protected your organization is from cyber threats? The potential benefits of such a score are clear. It could help security professionals address gaps, and help the boards of public companies prioritize security investments. It could also enable third parties, from partners and potential customers to insurers, understand a firm’s security risk. This is precisely what FICO is developing: a FICO® Enterprise Security Score to rank an organization’s level of cybersecurity risk. Today we announced that we have acquired QuadMetrics, an innovative cyber risk security scoring company, to further this effort. We see the FICO Enterprise Security Score as an essential complement to FICO® Falcon® Cybersecurity Analytics for threat detection. With the acquisition of QuadMetrics and the infusion of FICO’s analytic scoring methods, FICO will provide both cybersecurity defences and an enterprise-level “cyber score” that gives an empirical, impartial measure of... [Read More]

Leave a comment

Fraud & Security Is AI Wrong for Cybersecurity?

Dark Reading logo

I’ve just participated in a debate over analytics vs. encryption for cybersecurity, on the InformationWeek Dark Reading website. This is a sign of the times — the cyber space is so hot that technologies are being treated as rivals, jockeying to win your infosec budget. The truth is, it isn’t an either/or proposition. As I note in my article, arguing against encryption would be a bit like arguing against locks on doors. Strong encryption – like firewalls and user authentication – is a basic defense against the damage that might flow from a successful attack on information infrastructure. But encryption is not foolproof, and it shouldn’t be your one means of defense. As artificial intelligence and analytics have come into play, there has been some criticism — often from competing vendors who misunderstand or misrepresent how AI works. In the past, cybersecurity analytics were focused on gathering data about compromises,... [Read More]

Leave a comment

Fraud & Security Like Sherlock, We Need Details To Fight Cyber Crime

Sherlock Holmes with magnifying glass

“Data! Data! Data! I can’t make bricks without clay.” That’s what Sherlock Holmes says in “The Adventures of the Copper Beeches,” and the same goes for the data sleuths today trying to stop cyber crime. It’s a positive sign that lawmakers recognize this need. Information sharing has become of the fundamental tenets of cybersecurity being discussed by regulators on Capitol Hill. But the data we need is more than what is being proposed in some regulatory plans. On March 3, the House Commerce Subcommittee on Oversight and Investigations held a hearing on “Understanding the Cyber Threat and Implications for the 21st Century Economy.” Greg Shannon, Chief Scientist of the CERT Program at Carnegie Mellon University, spoke to this need: “Richer data needs to be shared with the research and development community — meaning not only incident data but also datasets that enable understanding of what ‘normal’ resembles (in terms of... [Read More]

Leave a comment

Fraud & Security Using Predictive Analytics To Advance Cybersecurity

Fraud locks

FICO has been investing heavily in cybersecurity analytics and related software solutions, including proof-of-concept partnerships over the last 18 months. This work has met with a tremendous reception as we presented it to prospective partners, clients and industry analysts. Not surprisingly, given our deep expertise and IP assets in fraud, our approach goes a long way to untangling the deeply intertwined problems of cybercrime, data theft and subsequent fraud. We have just announced our first solution, FICO® Cyber Security Analytics. We have leveraged our formidable arsenal of unique assets — including our streaming data infrastructure, patented profiling technology and self-learning analytics — to create a solution that closes the gap left by today’s cybersecurity solutions. That gap is illustrated by the chart below. The current approach of gathering data on a compromise, developing a threat’s “signature” and then using that signature to protect against future threats, results in massive time... [Read More]

Leave a comment