By: Darrell Laffoon, CTO of EZShield + IdentityForce
Chances are, you or someone you know has been impacted by identity theft and cybercrime — even if they don’t know it yet. The fallout from such a personal intrusion into your most confidential personal information can affect every aspect of your life — not to mention, it can be incredibly time-consuming to resolve.
It’s no surprise that the number of records involved in data breaches continues to grow exponentially. Cyberthieves’ methods are constantly evolving in their efforts to obtain this information, as the potential payoff from selling the stolen data to fraudsters, or using it maliciously themselves, is worth the risk. The Dark Web Market Price Index created by Top10VPN shows a complete online identity can be purchased for $1,200, giving deceivers such information as your e-commerce credentials, personal finance accounts, and proof of identity. It’s a virtual jackpot of data for criminals who can then execute account takeovers, open new credit cards in your name, or intercept your tax refund through a false tax filing.
While we can’t prevent criminals from using the Dark Web to exploit our stolen personal information, we can take steps to mitigate the vulnerabilities that give these bad actors access to our sensitive data. At work, at home, or on-the-go — across every connected device — it’s time for businesses and consumers to make cybersecurity a priority.
Be Aware of Your Security Weaknesses
The individual impact of cybercrime is staggering. As many as 33 percent of U.S. adults have experienced identity theft after their personal information was exposed during a data breach. In 2018, serious breaches occurred at popular social media platforms Facebook and Twitter, financial institutions such as SunTrust, and retailers including Macy’s and Saks Fifth Avenue. All told, more than 3.3 billion records were exposed to cyberthieves in the first half of 2018, a 72 percent increase over the same period in 2017, as shown in Gemalto’s Breach Level Index. With that many records being stolen and making their way onto the Dark Web, it may seem like it’s only a matter of time until you or your company falls victim to a security breach.
It’s an unfortunate situation, though likely not surprising to security experts, that human error is one of the biggest threats to data security. Phishing, malware, and man-in-the-middle attacks are some of the most common cyberattacks criminals will use to target your personnel to gain access to your organization’s systems. It only takes one click of a malicious link by an employee to open the doors to thieves. Putting data security policies and training in place for every employee should be a given, but make sure you are also dedicating the time to reinforce those teachings throughout the year. Regular communications to your organization will increase employee’s ability to retain knowledge around safe practices for data security.
Although I’ve been in the identity protection industry for many years, I find it eye-opening that only four percent of breaches since 2013 have been considered “secure” — that is, the data stolen was encrypted and therefore unusable by thieves. With so much sensitive information being shared and stored across numerous websites, companies, and government bodies, ensuring the encryption of data in motion and at rest is a critical mission for every IT and InfoSec team. Coupled with improved employee awareness and training, data encryption is one more way to protect against cyber vulnerabilities before they become liabilities.
Guard Against Mobile Threats
Malware that targets your mobile device is one of the fastest growing threats to cybersecurity — the number has tripled in less than one year, reports Kaspersky Lab. There is a disturbing trend involving apps that claim to offer security for your smart device that are often malicious apps themselves — harvesting user data, tracking user locations, and pushing false security notifications. It has also been found that mobile users are three times more likely to click on a phishing email.
According to Veracode, the average large enterprise is exposed by more than 2,000 unsafe mobile apps installed on employee personal devices. These apps create a prime gateway for thieves to access sensitive business and personal employee data from your organization. A mobile security report from Intertrust estimates the cost of mobile breaches will balloon to $1.5 billion by 2021. However, annual spend on app security is only around $2 million. Compare that figure to the $34 million spent on app development, and it is clear that mobile device security ranks low on the list of investment priorities for the majority of organizations.
It has been estimated that 27 percent of business data traffic will move directly from mobile devices to the cloud by 2021, circumventing organizational network perimeter security completely. IT professionals must protect against the growing number of personal mobile devices used for business, and the direct connection these employee devices will have with your cloud network. Mobile threat defense to safeguard both the individual digital footprint and enterprise security is a tool that belongs in every IT and InfoSec arsenal in 2019. Give your InfoSec team visibility into mobile device threats that may exist on your network from customers or employees, so they can recognize dangers ahead of time and take action before an incident occurs.
Make 2019 Your Year to Be Prepared
As the adage goes, the best defense is a good offense. Don’t underestimate the reputational damage, customer attrition, or personal toll a security breach can have on you and your organization. By taking inventory of your potential vulnerabilities and implementing robust cybersecurity initiatives, you can be prepared against the intrusion of cybercriminals. Shield your employees, your customers, and yourself from experiencing the life-altering impact of identity theft and fraud. Your reputation depends on it.
Darrell Laffoon is the CTO of EZShield + IdentityForce, a digital identity protection and cybersecurity solution provider. For more information, visit www.ezshield.com.