Mastercard Shows Why Your Vendors Had Better Take Security Seriously

Mastercard just announced that it was acquiring global threat intelligence company Recorded Future from Insight Partners for $2.65 billion. Recorded Future has more than 1,900 clients across 75 countries. That includes governments of 45 countries and half the Fortune 100.

Recorded Future “provides real-time visibility into potential threats by analyzing a broad set of data sources to provide insights that enable its customers to take action to mitigate risks.” This will add to Mastercard’s identity, fraud prevention, real-time decision-making, and cybersecurity services. Both companies claim to use artificial intelligence — without explaining exactly what they mean by it, as there are many types of AI technologies. But the point is that they make use of advanced technologies to ensure security.

This is important because companies of all types frequently assume that security happens internally, perhaps with the assistance of a cybersecurity consultancy. But modern digital business isn’t an older model of a self-contained company that acts like a closed box. Other companies selling products or services might get to the door, drop off what the first company wants, and drive off. There are inevitably many forms of interaction that take place digitally.

For example, office applications, design software, scheduling a delivery, taking orders online — all these and many other activities are done primarily online. Companies communicate with partners and customers; employees perform competitive and market research.

This creates thousands and maybe millions of potential weaknesses. Some years ago, criminals attacked a major retailer through a point-of-sale device. They were successful and gained access to many customer records.

Companies are engulfed in webs of interaction. None are the center of the universe. They all can be reached in many ways by almost anyone.

Mastercard is an enormous company that wants to make as much money as it can through its areas of expertise and business connections. Given its main business, it must have enormous security expertise in-house. Even if it wasn’t trying to sell services, it would need the capabilities anyway.

Commercial real estate firms are no different. Not that each will be selling security services to other companies. However, it is important to recognize not only the need to have levels of expertise, but to investigate close partnerships to ensure that those other firms also have significant expertise in and dedication to security.