Notes on our discussion with Optery – the RSAC2024 files

We attended RSAC 2024 in San Francisco from May 6-8. Our days at the conference were packed with back-to-back briefings. 

Here are some notes on our briefing with Paul Mander (GM, Optery for Business) of Optery. The briefing was organized by the Optery team.

Key takeaways from the briefing and some additional research:

  • Optery has been in business for four years. There’s a consumer play and a business play. Paul is the GM of the business side.
  • The key idea behind Optery is the removal of unwanted, unwarranted, or excessive personal data held across the internet, most of it due to surreptitious data sharing agreements between a site where an individual has an account or presence and a host of data aggregators and brokers. This sharing of data results in the creation of personal and sensitive data sets on individuals – name, address, contact details, etc. – that are more widely available than what the individual has directly authorized. Optery says they find an average of more than 100 profiles per person.
  • On the consumer side, individuals can sign up to Optery’s service for free. Optery periodically scans for personal data held by data broker companies (at over 330 sites at the time of the briefing) – and can scan on demand for a consumer, too. If data that the individual wants to control is located on any sites they haven’t authorized, Optery will send removal requests on behalf of the individual. While there is no fee for periodic scanning, there is a fee for instantiating the data removal process. Pricing for removal is graduated by the number of sites and the approach taken by Optery. See Optery’s site for consumer pricing and details, including the list of data broker sites covered by removal requests (depending on pricing tier).
  • On the business side, Optery thinks about employee PII as an “attack surface”: the ability for someone to gain knowledge about employees from data that they or their business haven’t authorized for release and aggregation creates opportunities for assessing weaknesses for cyberattacks (e.g., phishing, BEC, voice phishing) and physical attacks (it’s an increasingly dangerous world). Within the growing realm of data privacy regulations and compliance mandates that cover an increasing set of companies, being proactive about data removal from unauthorized sites reduces this attack surface.
  • We really liked the idea of proactively reducing the amount of unauthorized data available on individuals and employees – data that can be used to build profiles for cyberattacks (such as phishing) or physical threats (if they know where you live, they can harass / stalk / harm you … or your family for use as leverage against you).

For more, see Optery.

