Identity Theft Risk Mitigation: Is Your Business Properly Prepared?

Joseph Carson

While most people think of identity theft as something isolated to groups of people who’ve taken a series of avoidable missteps, anyone can have their identity compromised. It’s not just about acquiring someone’s Social Security number or credit card information because they’ve misplaced their wallet or had their mail stolen.

Many identity theft cases don’t involve direct contact between the victim and the thief. Today’s highly digitized world provides ample opportunity for criminals to access the information they need with an internet connection and a couple of clicks.

For businesses with multiple employees, customers and vendors, the potential to be targeted by identity thieves is even higher. With so many points of entry, it’s crucial to have a defense-in-depth plan in place to mitigate the risk of identity theft and protect your business.

Identity Theft, a Cyber Criminal’s Swiss Army Knife

With just a few pieces of information, cybercriminals can wreak havoc on your personal and professional life. They can open new lines of credit, take out loans and make purchases in your name. They can also use your information to file for tax refunds or get a job. And since businesses have more data and assets than individuals, they can be even more appealing targets.

Most modern businesses are starting to invest in cloud computing solutions and are beginning to collect and distribute more data than ever before. In fact, IBM has estimated that we create 2.5 quintillion bytes of data every day. Much of this data is sensitive, including customer information, financial records, and employee data. Unfortunately, identity thieves can easily access this data with the right combination of tools and motivation. Once they have it, they can commit fraud, destroy reputations or extort money from businesses.

Leading Causes of Compromised Identities in Businesses

Cybercriminals are constantly developing new ways to gain access to sensitive data. Some common methods of attack include:

• Phishing attacks: Phishing is a social engineering attack involving tricking employees into revealing sensitive information or downloading malware. Criminals often pose as a trusted individual or organization, such as a vendor or customer, to gain access to employee login credentials or other sensitive data.
• Poor password best practices: Businesses must have adequate password policies, which in some cases can lead to employees using weak passwords or reusing the same password for multiple accounts. Two-factor authentication has become increasingly important for businesses, as it provides an additional layer of security; however, not all companies have adopted this practice.
• Insider threats: Insider threats are employees or contractors with authorized access to business systems and data who misuse that access for criminal purposes. This could involve stealing customer data, selling company secrets, or sabotaging business operations. A lack of employee background checks and ongoing monitoring can make it easier for insider threats to go undetected.
• Unsecured personal devices: With the bring-your-own-device (BYOD) trend, more employees are using their devices for work. This can create a security risk if those devices aren’t adequately secured. For example, if an employee’s device is lost or stolen, it could give criminals access to the business network without raising any red flags.

Benefits of Zero-Trust Strategy and Architecture

In recent years, the “zero trust” security model has gained traction in combating the growing number of cyber threats. Zero-trust security is a departure from the traditional perimeter-based security model, which relies on a network firewall to keep bad actors out.

Instead, zero-trust security assumes that all users and devices are potential threats, whether they’re inside or outside the corporate network. This approach requires businesses to verify every user and device before granting sensitive data or application access.

Benefits of a zero-trust architecture can include:

• Improved security posture: By verifying every user and device before granting them access to sensitive data, you can be confident that only authorized users are accessing your systems.
• Reduced attack surface: Since all users and devices are treated as potential threats, there’s no need to maintain a complex network perimeter with multiple layers of defenses. This simplifies your IT infrastructure and makes identifying and fixing potential security weaknesses easier. Reducing your digital footprint also makes it more difficult for attackers to find and target your systems.
• Enhanced visibility and control: Zero-trust security provides enhanced visibility into your network traffic since all traffic is routed through a central gateway. This allows you to monitor traffic for suspicious activity and identify and isolate compromised devices. It also means you can more easily track down the source of a breach if one does occur.

Improve Your Identity-Protection Protocols

Keeping your identity safe online is more important than ever. As cybercriminals become more sophisticated, they’re constantly finding new ways to exploit vulnerabilities in security protocols. By implementing a zero-trust security strategy, you can improve your organization’s identity protection protocols and make it more difficult for attackers to access sensitive data.

Joseph Carson is chief security scientist and advisory CISO at Delinea. He is a certified information systems security professional (CISSP) and acts as a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries. You may follow him on LinkedIn or @DelineaInc on Twitter.