Security by obscurity?

September 29, 2021

Cyberattacks are a daily news item and consumers as well as businesses around the world are flooded with daily reports of new ransomware attacks, phishing scams and websites taken offline by evil hackers. Yet among this abundance of alarming reports, there is very little information made available to individuals and organizations alike about the magnitude, occurrence and impacts of cyberattacks. More specifically, if you are an SMB in the clothing industry in France, how can you learn about the likelihood of your business being a victim of a cyberattack based on trends in your location, your industry or your type of business? For many the threat of a possible cyberattack remains something to be avoided and - understandably so - a topic one would rather ignore.

As a recent study showed, 43% of cyberattacks are aimed at SMBs, but only 14% are prepared to defend themselves, exactly for the same reason that people avoid thinking about potential ailments they may get or diseases that may strike. But if the world has learned anything from the COVID-19 pandemic, even if one has health insurance, if people are not prepared to face rare but extremely impactful events, then the costs could be lethal.

Resilience requires us to plan ahead and watch for potential catastrophic events, and the same goes for cyberattacks. So, building resilience against cyberattacks starts with being informed about the risk and likelihood of becoming the next victim. One would expect that it’s in the general interest of all to provide extensive and accurate information about cyberattacks trends and patterns, yet none can be found easily and in some cases the only way to obtain it is by paying a commercial business to share it. This seems an unfortunate manifestation of a “security by obscurity” strategy that really only benefits the malicious actors behind all cyberattacks.

I therefore am starting an initiative to shed light on the hidden world of cyberattacks, and use the power of data and information to boost our collective knowledge of threats and threat vectors, thereby automatically boosting our collective security. Starting with a monthly summary chart of global cyberattacks, I encourage all to share their data about known cyberattacks, and allow users across the globe to browse the insights in an interactive chart that can give individuals and businesses some sense of the potential of becoming a victim of a catastrophic event like a cyberattack. This data can then also be used to develop a more predictive model of where cyberattacks are likely to strike, akin to a weather forecast map that provides near-real-time information about impending tornados or flash-floods.

Cyber attacks overview