Cybersecurity has been a hot button topic as of late, much more that it has been in the last decade or so.  Corporations are finding themselves caught between the hammer and an anvil.  On one side they have their users clamoring for better protection of their personal data.  And, on the other side, you have federal regulations that carry with them heavy penalties were it proven that a company neglected to reveal, patch or take action upon a hack, breach or cyberattack of some sort.  With that being said, an overwhelming amount of corporations have or will suffer a breach of some sort, but the public is not hearing about them.  The reason is that these companies want to keep everything on the hush-hush and will either try to solve the problem or capitulate to cyber criminals demands without anyone else being the wiser.

Understandably, this is an issue with users, regulatory bodies, and even insurers.  The latter group is worried about the payouts for their cybersecurity policies.  Fortunately, for all, Microsoft believes that they have come up with a solution to identify companies that are at great risk of being breached.  Microsoft’s Office suite of programs has been a staple of corporate environments for decades now, ever since Windows 95 rolled out.  These days it is the de facto suite of processing and productivity programs for the majority of businesses operating in the world today.  By using this reach, Microsoft has recently released an update on Office365 that will now judge a companies cybersecurity defenses based on 77 individual criteria.  To give some context, when Microsoft first tested out this idea in August 2015, they only looked at 27 security configurations.

Corporations will now receive reports on how exposed they are to cyber attacks.  It will also give them advice on how to strengthen their cybersecurity, such as by implementing multi-factor authentication or downloading patches and updates.  Some corporations view this as a godsend as they lack the technical expertise to correctly identify the gaps in security and determining the correct fix.  However, for some companies, this may pose as a point of concern.  No longer can they hide behind the veil of ignorance, claiming that they “didn’t know that there was an issue with their current security measures”.  It is tough to play dumb when you are being given a report showing your cybersecurity’s shortcomings.

In essence, Microsoft has given companies a way to measure the efficacy of their cybersecurity and has also given them a potent tool to take a proactive approach in the matter.  However, that fact that a companies scorecard can be compared to another also gives users, the government and insurers a way to rank these companies.  Users may want to do more business with companies that have a higher security rating.  Governments can easily single out companies with poor ratings.  Insurers, on the other hand, can compare the ratings of each company and use that information in a risk management assessment when compiling cybersecurity policies.

Article by David Share