Security News > 2020 > September > MIT scientists unveil cybersecurity aggregation platform to gauge effective measures
Scientists from MIT's Computer Science and Artificial Intelligence Lab have stepped up trying to change that with a newly built platform called SCRAM. The acronym, which stands for "Secure Cyber Risk Aggregation and Measurement," seeks to address this longstanding cybersecurity reporting issue by taking advantage of new cryptographic tools that can calculate aggregate statistics without needing organizations to disclose information about their own attacks and losses to anyone else-even to the scientists themselves.
MIT released a study on the platform, in which it took internal data from seven billion-dollar companies and examined the security incidents they dealt with.
For its first run-through test, the scientists used the cryptographic platform to look at benchmarks of the adoption rates of the Center for Internet Security's 171 critical security measures across six large firms and links between monetary losses from 49 security incidents and the specific subcontrol failures implicated in the incident.
For the next run, the MIT scientists are hoping to have a larger pool of data so that more companies can judge themselves against their peers when it comes to security sophistication.
In addition to data on how many of the Center for Internet Security's 171 critical security measures were being implemented by each organization, the study also examined the individual monetary losses from each attack and asked enterprises to indicate which sub-control failures were responsible.