FICO: Your Company’s Cyber Score Will Be as Important as Its Credit Rating

Cybersecurity Predictions 2018: Cyber Scores and Stolen Eyes

“The more things change, the more they stay the same.” That 1849 quip from Jean-Baptiste Alphonse Karr somehow seems fitting for today’s cybersecurity industry. In 2017 we saw massive change in the speed, creativity and magnitude of attacks — yet the industry plodded along on important issues such as timely data breach disclosures.

Taking both ends of the spectrum into account, my cybersecurity predictions for 2018 involve cyber scores, 2FA and bio hacks.

Your Company’s Cyber Score Will Be as Important as Its Credit Rating

In an interview with TechRepublic a few days ago, Gartner research director Jeff Wheatman said, “It’s no longer just about understanding whether a company you’re going to do business with is credit-worthy, we need to understand what their security posture is, because it’s going to have an impact on our security posture.” TechRepublic added: “Historically, organizations would go to credit rating agencies and find out the creditworthiness of their partner, but now that companies are handing out data to their partners, they need to understand what their posture is. As a result of this, we’ve seen a big uptick in the market for security rating services, he [Wheatman] said.”

Exactly! In 2017 FICO has seen a surge in adoption of our Enterprise Security Score, as both cyber insurance providers and their corporate customers recognize the value of an objective measure of cyber security risk.

In 2018, I predict that the awareness and usage of enterprise cyber scores will skyrocket. Just as retailers like Costco and Walmart hold their vendors to high standards in logistics and inventory control, in 2018 we will see vendor contracts being terminated, or just allowed to expire, due to the measured level of cyber risk, as encapsulated in independently generated cyber scores.

Two-Factor Authentication Will Become Nearly Ubiquitous

Although the word “ubiquity” may have gone out of fashion (along with a lot of other buzzwords from the dot-com era), it’s an accurate description of how two-factor authentication will really take off in 2018. 2FA isn’t new, but as a component of the multi-factor authentication required by the PCI standard, it’s set to become much more prevalent before it gets replaced by something newer or better.

The reality is, two-factor authentication is extremely effective. With stolen login credentials being a dime a dozen on the dark web, a well-implemented 2FA renders them nearly worthless. Expect to see rapid expansion of 2FA in both consumer applications, as well as fronting access to data and resources in the workplace.

2FA won’t solve all of our security problems, but it’s a relatively inexpensive solution that takes a big bite out of issues related to user authentication. And users don’t yet seem too annoyed by the extra step.

We’ll See Our First Biometrics Hack in 2018

It’s true that my predictions blog for 2017 included the ominous statement, “Biometric security data may become the biggest security vulnerability of all.” I still believe that, now even more with the mainstreaming of biometric security measures like the iPhone X’s Face ID facial recognition. The same iPhone X recently unlocked itself for two different women, illustrating the inherent fallibility of biometric authentication techniques.

But the confusion of two human beings is not the only problem. The more menacing problem is that as leveraged for security applications, biometrics are nothing more than the stored digital interpretation of a biological feature, which is then associated with your account credentials. Those digital files can be spoofed, stolen or simply rearranged to point to a digital identity other than your own.

Sure, it’s difficult. But at one time it was considered difficult to counterfeit a magnetically encoded check or credit card. Biometrics are neither fool-proof nor fraud-proof. And when someone replaces the digital interpretation of your retina with their own, and does a sufficient job covering their tracks, good luck proving that you are really you! The honeymoon of confidence in biometrics is undeserved, and it won’t last.