It’s an understatement to say that 2018 was a year of blockbuster data breaches: Facebook, Marriott, Ticketmaster and British Airways, to name just a few. As mega-breaches have become the norm, the crescendo of clamor can no longer be ignored; the reality of the true state of threats (immense) and companies’ preparedness (inconsistent, at best) is setting in.
Thus, a couple of weeks from now we’ll ring in 2019, the Year of Cyber Insecurity: 52 weeks in which companies of all sizes and industries will experience a new level of fear – and in some cases panic – in realizing their vulnerability to data breaches, hacking and other cybercrimes.
The good news is that 2019 will also provide a tipping point: these same organizations will be shocked into taking a more clear-eyed assessment of their cyber security posture, and strong actions to improve their cyber defenses. Here are two ways they’ll work to cure their cyber insecurity.
Get a Reality Check, Continuously
It starts with increased awareness. Last year I predicted there would be huge uptake in cyber risk assessment tools like the FICO® Cyber Risk Score. That became particularly true when FICO and the U.S. Chamber of Commerce announced the first national cybersecurity assessment, called the Assessment of Business Cybersecurity (ABC). The ABC provides an overall metric for the private sector economy, as well as other comparison points for organizations by size and sector. The U.S. Chamber noted:
- The ABC is based on scoring more than 2,500 U.S. companies using the FICO® Cyber Risk Score, an empirical standard for assessing cybersecurity risk
- The U.S. Chamber and FICO are using the ABC to raise awareness of cybersecurity risk levels, and to provide an ongoing benchmark for tracking trends in cyber threats and encouraging improvement in organizational cyber posture
By getting a free Cyber Risk Score subscription and tracking their individual score against the quarterly ABC, organizations in the U.S. can, for the first time, get an empirical reality check on the efficacy of their cyber defenses — and receive clear direction on areas to improve. That's the best way to deal with cyber insecurity.
Improve Cyber Hygiene
It’s a well-publicized fact that internal errors are a major factor in data breaches. In some industries, it’s the biggest. The 2018 Verizon Data Breach Investigations Report said that internal actors are responsible for 56% of breaches in the healthcare vertical. The report also said that errors cause 35% of healthcare data breaches: “Errors (i.e. mistakes) caused more data breaches in healthcare than any other type of action. Examples of errors include misdelivery, misconfiguration, and disposal errors. Healthcare also had more than three-times more data breaches attributed to errors than any other vertical.”
This damning information can be caveated by noting, “…as with the public sector, this comparison is likely skewed by Verizon’s sources for data breach information and also the stringent reporting requirements of industry regulations.”
At the end of the day, cyber security is really a people problem. We make mistakes, fail to follow policies, overcommit resources, understaff projects, and sometimes put people into jobs they are not ready for. In our research around cyber risk quantification, FICO has learned conclusively that the most predictive features in modeling future cyber outcomes are behavioral, not conditional.
In other words, how and how well you manage your network is more correlated with breach outcomes than the presence of specific vulnerabilities. My point here is that companies need to focus at least as much on training, awareness, policy, and policy adherence as they do on technology and infrastructure. That’s a great New Year’s resolution for everyone.
Best wishes for a cyber-safe 2019, and a cure for your cyber insecurity. Follow me on Twitter @dougclare to keep up with FICO’s latest cyber developments. Cheers!