DynaRisk has announced a partnership with UK charity Victim Support. The deal is the first between a charity and a cyber security company. It is aimed at providing help for victims of cyberattacks and fraud. The company will help victims to decrease their vulnerability to further attacks.
Andrew Martin, CEO and founder of DynaRisk said: “From TalkTalk to Yahoo! to Equifax, organisations simply can’t guarantee the safety of the personal data that we hand over to them. Recent cyberattacks have exposed huge amounts of personal data, which can often lead to knock on problems for the consumer such as phishing attempts, bank fraud, hacked emails and ID theft. This can have a significant financial and emotional impact, and consumers really need a next step – which is why we chose to be part of a wider support network with Victim Support.”
What is DynaRisk offering?
DynaRisk generates what is known as a Cyber Score. Think of it as the cyber equivalent of a credit score. It plans to provide free access to its tests so that UK citizens can identify their Internet security risk.
This is done by using a set of 50 different risk factors. While the fine details of all the tests is a secret, DynaRisk has disclosed some of them. It scans local devices for vulnerabilities, checks patch levels and software updates. This is pretty standard fare and it will be interesting to see if being part of a Cyber Score increases security.
The company will also scan for user data in any online data dumps from security breaches. There are a number of companies doing this already. However, none of them give much detail other than “your data found”. There is no evidence that DynaRisk will offer anything else such as more detailed information on what dump, where the data is and the details of that data. As the data is likely to contain passwords and account data, knowing exactly what is available will prompt users to change passwords.
DynaRisk will also help users develop their own support plan. It will be tailored based on the risk assessment. For those with multiple devices, who shop online and are regular travellers this will be interesting.
What does this mean?
This sort of deal with a charity that represents victims is long overdue from any security vendor. However, one reason for that might be that it is fraught with danger. We’ve seen attempts to get users to tighten security before. Virtually every desktop security software vendor tries to improve patch management. Microsoft and other vendors are even forcing patches on users which has had limited improvement in security.
Part of the problem is that there is a distrust with traditional AV solutions. These are all capable of doing more than just scanning for signatures. They can scan for missing patches and either apply them or push the user to apply them. Most stop short as they feel that it is not their place to do this but in doing do leave users open to attack.
What is not clear is how far DynaRisk and Victim Support will go. Will they keep reminding users to apply patches? How quickly will missing patches damage a credit score? What happens when a user has a hardware firewall and chooses not to use the built-in Windows firewall? This is an area that has always been a problem in the past.
It will also be interesting to see if insurance companies become interested in this Cyber Score. Will it lead to lower household insurance where there is a cyber security element? It certainly has an impact on insurance around credit card loss. If a credit card company discovers your Cyber Score is low and there is an enhanced risk of fraud on your account, will they raise your interest rates to compensate or even lower your credit limit?
Despite these issues this is a good deal for victims and even those who have yet to become victims