Identity theft — are you a prime target?

The cost of data breach-led identify theft far exceeds that of complete security protection.

Imagine the trauma of receiving your credit card statement showing a sizeable withdrawal without your knowledge. We now live in a world where the threat of identity theft is no longer a ‘what if’ scenario, but an increasingly real possibility.

With the average Australian household now owning eight internet-connected devices, consumers can expect cybersecurity threats, such as identity theft and malware, to explode over the next few years.

For instance, almost 800,000 Australians were victims of identity theft last year, costing the average victim roughly $4000 and the economy around $1.6 billion.

The rise of cybercrime and its associated costs are driven by several key trends. This includes the proliferation of broadband connectivity and rapid adoption of smartphones, which has resulted in people spending more time online and conducting financial transactions over mobile.

Smart devices can have lower security measures than traditional PCs, creating vulnerabilities for hackers to exploit.

The problem with a sharing society

While shopping and entertainment services, as well as public services, move online in droves, education and awareness of online privacy and safety remains low.

Driven partly by the rise of social media, more people are routinely sharing data with organisations often through unsecured channels, putting personal identity data at greater risk.

Another challenge created by a society of over-sharers is the fact consumers now encounter form fields and blank spaces requesting personal information online almost every day.

Many, however, will never stop to question where the information is going, how it’s being transmitted and stored, and what security measures are in place.

Yet, the survival of e-commerce relies on consumer confidence in the knowledge that information shared online will not expose them to a significant risk of identity theft.

While the risk of identity theft remains high, privacy and security will continue to be major barriers in the adoption of online and mobile payment services.

Why the enterprise is a key target

Enterprises have a duty of care to ensure applications are delivered securely. With so much sensitive customer data in its possession, enterprise IT infrastructure and applications continue to be the main targets of hackers, whose agenda is often to acquire customer and financial data from organisations.

With the knowledge that each security breach can cost a business $144 per stolen record, the financial ramifications of a cyber attack on a business is exceedingly clear.

The security risks of employees

Frequently, corporations experience a data breach as a result of their employees’ identities or accounts being compromised. This is often the case due to a lack of security parameters within their personal accounts or via unintentionally clicking on spam links.

In fact, according to Ponemon Institute, over half of all security breaches are caused by human error.

Malware is one of the most common methods used by cybercriminals to hack into an organisation through its employees. Malware has the ability to perform web injections and embed fake fields into a seemingly real website, tricking users into entering details like credit card information, birth dates and other personal information.

They also perform automated transactions to steal or transfer funds to unauthorised accounts.

People and businesses may not be thinking too much about these questions — however, hackers certainly are. Cybercriminals are constantly identifying vulnerabilities and exploiting them through stealing personal identifiable information.

Without proper infrastructure to mitigate these threats, the consequences will be insurmountable.

Mitigating the risks

Businesses need to counterbalance the risk of a cyber attack with strong, proactive security measures, which reflect the increasing sophistication, frequency and diversity of today’s attacks.

Conventional security devices at the edge of the data centre are ill-equipped to handle such attacks. This beckons a need for modern threat mitigation platforms to provide complete protection from the bottom to the top of the network stack, from apps hosted in on-premise data centres to apps sitting in the cloud.

Most hackers use poorly protected public facing web channels as a means of entry into an organisation — compromising servers, stealing data and performing mischievous defacement. As such, these channels have to be sufficiently protected.

Replicating and enforcing consistent and proven web application security policies across traditional and cloud, ie, hybrid environments, however, involves significant cost and complexity. Hence, organisations must often choose between employing specialised IT security teams in-house or adopting customisable solutions.

In summary, businesses must realise that the cost of data breach-led identify theft far exceeds the expenses required for complete security protection. Above all, progressive organisations that start thinking about securing their infrastructure from security threats now can ensure business continuity in the future.