"Helping Companies Prioritize Their Cybersecurity Investments"

One of the reasons as to why cyberattacks continue to grow in frequency and sophistication is because there is a lack of information shared about how these attacks occur. Companies that experience cybersecurity incidents often refrain from reporting them because they fear that their reputation will be damaged, and their competitors will gain insight into their security flaws. Companies should be able to use data gathered from cyberattacks to develop quantitative measurements of their security risk in order to prevent such attacks from happening again. Many organizations do not know which types of attacks would result in significant financial losses. Therefore, they do not know how to use limited security resources efficiently. MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) developed a new data aggregation platform called "SCRAM," which stands for "Secure Cyber Risk Aggregation and Measurement." This platform aims to help companies quantify their security level, understand how their security compares to other organizations, evaluate whether they are correctly investing in security, and more, without requiring them to disclose sensitive system data. This article continues to discuss the application, development, and goals of the SCRAM system.

MIT reports "Helping Companies Prioritize Their Cybersecurity Investments"