In this digital age, online identities and ecommerce orders come and go at the speed of light. Too often, cyber security experts must play catch-up. Effective use of data can shed light on the ever-evolving intricacies of cyber threats, but the decision-makers must understand exactly what needs to be secured in order to protect it. Recent legislative action marks progress and a step in the right direction but does it protect consumers from the biggest threats?
The interwebs are rife with cyber threats, with security breaches and hacking becoming especially rampant in the past 18 months. In light of the recent data breaches at Target, Anthem, and Home Depot, the hacking of multiple Department of Defense sites, as well as the ever-growing losses to online fraud, American policymakers are turning their attention -- and budgets -- to cracking down on digital security. Last week, President Obama signed an executive order to create the Cyber Threat Intelligence Integration Center. The goal of CTIIC is to protect companies that share information about cyber threats with analysis firms. The executive order reinforces a 2014 statement from the Justice Department and Federal Trade Commission that authorizes companies to share information that might help to prevent online criminal activity, even if that information might otherwise be covered by antitrust laws.
But cyber crime includes more than just high-profile data breaches; it spans organized online crime, fake credit cards, and various other misdeeds committed behind a glowing screen. Business Insider estimates that data breaches in 2013 contributed $500 million to payment card fraud. While protecting against breaches is undoubtedly important, the overall fraud ecosystem is much larger. In fact, BI estimates the overall cost of payment card fraud in 2013 was seven BILLION dollars. That's right 7 billion dollars - with a capital B! Let's do some math: $500M divided by $7B equals roughly .07. Now multiply that by 100 and we see that data breaches contribute only 7% to payment card fraud.
While technology solutions can effectively punch holes in the systems that hackers build, we agree with President Obama -- data is the key ingredient required to connect global fraud fighters, policymakers, and information holders.
The type of data sharing proposed by President Obama offers a viable, scalable, and highly relevant weapon against cyber fraud. Nonetheless, legislation is just one weapon in the arsenal that we must use to combat online criminals. The focus on large-scale data breaches feels short-sighted. The criminals that orchestrate data breaches, steal credit card information, and hack accounts work to keep their attacks under wraps, moving quickly to new victims once succeeding (or failing) with old ones. By safely and responsibly leveraging the information that each site or organization has about known bad users, stolen identities, bad IP addresses, and other characteristics, the better chance we as a society have of defeating cyber criminals.