Rating Companies’ Cybersecurity Preparedness May Lead to Stronger Sites

Business – UConn Today

Increased awareness about certain types of cybersecurity breaches leads companies to make improvements, according to a new international study by a University of Connecticut researcher and her counterparts.
The study quantified the security levels of more than 1,200 Pan-Asian companies in order to determine preparedness against cybercrime. Researchers conducted the randomized field experiment on organizations in Hong Kong, China, Singapore, Macau, Malaysia, and Taiwan – chosen for their significant economic development, as well as rapid adoption of technologies.
They evaluated organizations’ preparedness against two distinct security issues – spam emissions and phishing website hosting – and assigned an information security score, similar to the idea of Moody’s and Standard and Poor’s credit ratings. The score offered an indication of each organization’s security vulnerabilities.
Then the group of researchers, including Shu He, an assistant professor of operations and information management in the UConn School of Business, published the rankings online to determine whether or not the public nature of the data resulted in any changes to firm practices.
Spam usually consists of unsolicited bulk messages sent out by compromised “zombie” computers controlled by cyberattackers, while phishing refers to fraudulently obtaining sensitive information, such as passwords and credit card details for malicious reasons.
When cyberattacks were less likely to directly harm a company, such as spam and phishing, organizations were unlikely to prioritize security improvements. Yet researchers found that their information disclosure successfully motivated companies to fix issues related to spam emails and non-hosting companies to solve the phishing problems.

The study says cyberattacks grow in prominence every day, noting that 2017 was the worst year to date for data breaches.
Publicizing firms’ security levels not only leads to greater transparency, but it could also be used to strengthen their security over time. In addition, organizations with poor performance could face greater pressure from their customers and a loss of reputation, say the researchers.
“ …

Read More