January 10, 2019
Data Breaches: Is “Personal” Data Becoming an Endangered Species?
Posted November 30, 2017
After the barrage of data breaches during the past decade, your personal data isn’t too “personal” any more. It is quite likely all over the dark web and in the hands of a cybercriminal.
Naughty by Nature
By their very nature, websites are vulnerable to hacks, as evidenced by the torrent of successful data breaches during the past decade. The list is, for lack of a better word, impressive. A small sampling includes:
- River City Media (2016): 1.4 billion records exposed
- Yahoo (2013): 1 billion records exposed
- LinkedIn (2012): 100 million records exposed
- UK Revenue and Customs (2007): 25 million records exposed
- KT Corporation (2012): 12 million records exposed
- Dai Nippon Printing (2007): 8.6 million records exposed
As it turns out, protecting an infrastructure designed for speed and convenience is quite challenging.
Facing the almost daily threat of a breach, businesses have gone on the defensive – implementing security protocols in an attempt to protect their data from a breach. But, those actions don’t address what has become an even bigger problem – the use of this exposed data after a breach.
According to our latest Cybercrime Report, the top vectors for fraud are digital identity theft and identity spoofing. This stolen identity data is the primary ammunition for criminals – used anywhere in the world in attacks targeting practically any market.
The Bigger Picture
I am often asked: “How many customers do you have in my country and in my vertical segment?” Of course, I always provide the appropriate answer. However, due to the global nature of cyberattacks, what I want to say is…“Why does it matter?”
By focusing on one single aspect of any issue, businesses fail to see the bigger picture.
For example, just looking at my interactions with my bank in the United States tells you very little about my complete digital identity. To get the broader context, it’s important to look at all my online interactions – when I hire a taxi in Moscow using my personal credit card; when I make an online purchase at Macy’s using my personal tablet; or when I book my next flight using my corporate credit card from a train in India.
By recognizing that all of these transactions were, in fact, completed by me, a local cable company should be able to recognize that it is truly me opening a brand new account and authenticate me with high confidence.
That contextual awareness is the essence of a digital identity, and is critically important in today’s global digital society.
Weakness into Strength
Organizations all over the world are starting to recognize what we’ve been talking about for 10 years – it takes a network to fight a network. Sharing anonymized data among digital organizations is the best way to combat the growing threat of organized cybercrime.
A true digital identity can only be built through the sharing of data that is anonymized so it can’t be stolen or faked. And it is the most accurate way to authenticate the individual on the other end of a transaction – be it a legitimate user or a fraudster using stolen credentials.
Sharing is inherent to the Internet and used to be its greatest flaw, at least when it came to cybercrime. Now, it is becoming its greatest asset and the key to a secure digital economy.