by Brian Thompson | Apr 20, 2022 | Breach, Identity Theft
by Brian Thompson | Feb 9, 2022 | Breach, Identity Theft, Uncategorized
Two years ago I wrote an article asking the question Is Your Digital Identity Safe? Two days ago I read an Infosecurity Magazine article stating Identity Theft Will Get Worse. It appears that Hackers are coming after you in 2022!
Specific to your digital identity and today’s threat landscape for consumers and small businesses, cyber thieves and ID theft criminals have evolved to the point where hacking and data breaches will happen at any time and can affect anyone.
As for the statement “identity theft will get worse,” the fact is that 2021 surpassed the all-time record for data breaches exposing the Personally Identifiable Information (PII) of millions of Americans.
As a reminder, examples of PII include:
- Name: full name, maiden name, mother’s maiden name, or alias
- Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, employee or student identification number, financial account, or credit card number
- Address information: street address, or email address
- Telephone numbers
- Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
- Biometric data: retina scans, voice signatures, or facial geometry
- Information identifying personally owned property: VIN number or title number
- Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person
And now our digital world, combined with a two-year pandemic, has consumers and small businesses worried. There is so much uncertainty in our world and cybercriminals, and their new scams are adding to the challenge.
Consumer?
If you are a consumer, recent digital risk examples making today’s headline news include How to avoid buying fake Covid tests online and BBB warns consumers of hackers posing as apps like Paypal and Venmo to steal your money.
Cyber thieves and ID theft criminals depend on human nature and emotion such as an individual’s tendency to trust others (e.g. phishing and vishing) and desperation (e.g. the chaos of supply chain shortages such as Covid-19 tests). These phishing and vishing tactics and fake websites have gained attention in recent weeks over the increasing number of identity theft victims.
Small Business Owner?
If you are a small business owner – trusting others and desperation are common risk factors just like a consumer – but it gets worse as Cyber risks top worldwide business concerns in 2022.
According to the just-released 12th Annual Allianz Risk Barometer Survey, cyber incidents at the top of the list. This is only the second time cyber has been at the top of the list in the survey’s history.
Cyber incidents, ransomware attacks, data breaches, or major IT outages worry businesses more than anything else. They worry businesses even more than a business interruption, supply chain disruption, or the COVID-19 pandemic.
To conclude, cyber thieves and ID theft criminals continue to find new and innovative ways to steal your personal information.
Both consumers and small business owners need to keep security education and awareness top of mind. Protecting our digital identities is crucial because hackers are coming for you in 2022.
Mark Pribish
by Brian Thompson | Dec 9, 2021 | Breach, Identity Theft
The last two years have created an opportune environment for bad actors ensuring the Cyberdemic will continue into 2022.
As we continue to migrate our lives into the digital world with remote workforces and comfort we increase cybercriminals’ opportunity for attack. This year we have seen a significant shift in the focused attacks on supply chains, home networks, and a gigantic increase in healthcare breaches.
In its latest Data Breach Industry Forecast released Monday, Experian has 5 predictions that underscore the ongoing impact of the pandemic on cybersecurity. Criminals will continue to focus on the remote workforce, the healthcare system, and will begin to narrow their targets to exploit the weakest technologies.
5 Breach Trends for 2022
- Remote Workforce
Those working from home will certainly be targets for those looking to hack into your business. According to the report, home wireless networks are more vulnerable than business VPN’s. Businesses will need to focus on securing employee connections and education.
- Infrastructure
Biden’s infrastructure bill and the trillions of dollars approved by Congress will be a target. Electrical grids, dams, and transportation networks will be heavily targeted by foreign and domestic cybercriminals. Criminals will likely be looking to target funds at disbursement by using phishing and CEO fraud.
- Digital Assets
Cryptocurrencies and NFT’s (Non-Fungible Tokens)– will become greater targets for hackers as they gain more popularity. As we begin to understand and accept these assets as normal and useful, so will the criminals. Chances are, they are just waiting to realize their worth and inevitability.
- Natural Disasters
Natural disasters often bring out the best in those doing their best to help. People will donate to organizations that aim to give aid and help those who have been affected. Criminals will take advantage of our distress and target charitable giving by phishing and masking themselves as the organizations we trust. To complicate things further, supply chains will be broken and unreliable, making important emergency goods difficult to source… another vulnerability that hackers will exploit.
- Gambling
As more and more states are legalizing gambling, phishing scams will target the growing online gambling community. Common scams will include stolen credit card information, account hijacking, or creating sites that appear to be legitimate casinos.
The Identity Theft Resource Center reports that there have been 1,291 breaches in 2021 as of September. There were 1,108 in all of 2020, which is a 17% increase in just three quarters of the year.
The past two years have caused so many disruptions in our way of living and working but we need to increase our personal and professional focus on privacy. As a result, the Pandemic has created an abundance of opportunities ensuring the Cyberdemic will continue into 2022.
by Brian Thompson | Sep 1, 2021 | Breach, Identity Theft
Consumer behavior can help reduce the hacker threat we are all facing. With education and awareness, we can not only protect ourselves but the companies we work with and for.
Author (Matt Burgess) of Wired UK Magazine recommends six action items for consumers to help protect themselves including (6 Things You Need to Do to Prevent Getting Hacked | WIRED):
- The use of multi-factor authentication
- Password manager
- Learn how to spot a phishing attack
- Update/backup everything
- Encrypt everything and
- Wipe your digital footprint.
4 Personal Resolutions to help you
Nearly three years ago I published a similar article on January 18, 2019, titled 4 Personal Privacy Resolutions to Protect Yourself From ID Theft to help consumers with their privacy concerns, by writing about four resolutions including:
-
Social Media: you should reconsider the data you share on social media including Facebook, Twitter, Instagram, Snapchat, and even LinkedIn – as all five of these social media leaders have experienced one or more data breach events. Your resolution is to stop using social media, take a break, or reduce how much time you spend on it.
-
Password Management: using new and strong passwords is one of the best ways to protect yourself from identity theft. Using passwords that there are weak – and might even be used for multiple accounts, puts you at risk. Your resolution is to use a password manager that creates new, strong passwords. A PW manager will also scan existing passwords to flag reused and weak passwords.
-
Terms & Conditions: whenever I speak on the topics of cybersecurity, data breach, identity theft, and personal privacy – I always ask the audience “how many of you” have read the terms and conditions of your social media accounts or apps on your smartphones? The response is always zero. Your resolution is to read the terms and conditions of all new and current accounts. Reading T&C’s will help you understand what personal information that is being collected, used, and sold for marketing purposes.
-
Virtual Private Network (VPN): VPN software scrambles your IP address, encrypts data sent between your computer and the websites you visit, and masks your true location and service provider. This is important if you use public Wi-Fi. Your resolution to use a VPN will prevent hackers from seeing your traffic and potentially scraping sensitive information such as financial details. Public WiFi is Putting You at Risk
While I agree that consumers should be concerned about the recent T-Mobile data breach event where current and former customers are at a high risk of identity theft, consumers should be equally concerned about their behavior relating to social media, the internet of things, human error, and bad habits.
Consumer behavior can help reduce the threat of hackers but we have to educate ourselves and remain diligent.
By Mark Pribish
Vice President and ID Theft Practice Leader
by Brian Thompson | Jun 23, 2021 | Breach, Identity Theft
Reality…no company can prevent a breach! Earlier this month I was a guest speaker at the 2021 Nebraska Credit Union League Annual Meeting & Convention.
One of my talking points was about the reality of data breaches and how the final story for most data breach events rarely reflects the initial news report. Initial reports speak of what is currently known about the breach. But those reports never cover the long-term impact of affected individuals and small businesses.
In case you missed it, some of the notable data breaches so far in 2021 include CNA, Experian, Facebook, GEICO, Instagram, LinkedIn, Microsoft, Tesla, and Microsoft.
The irony to these data breaches is that these businesses pride themselves on safeguarding PII (Personally Identifiable Information). An additional irony is that these businesses have more financial and information technology resources than most other businesses, and yet they still cannot prevent a data breach event from happening.
Reality
The reality of data breaches is that they occur almost every day – whether it is an accidental release (which is a polite phrase for carelessness, incompetence, or simply stupidity) or malicious intent (with the insider threat a common focal point, although the media heavily focuses on hacking events).
To help add clarity to the above, the recently released 2021 Verizon Data Breach Investigations Report (Verizon 2021 Data Breach Investigations Report Released) provides the latest data breach-related trends and statistics that can help both consumers and employees be proactive in mitigating their exposure to identity theft and data breaches.
This year’s Data Breach Investigations Report (DBIR) helps define words in an accurate and complete manner such as “incident” and “breach” and highlights the reality of data breaches that can support a cyber-risk management strategy for all businesses in general but small business in particular.
Things to know
- Social engineering is the most successful attack
- The top hacking vector in breaches is web application servers
- Denial of service is the most frequent way incidents occur
- 85 percent of breaches involved a human element
- Financially-motivated attacks are the most common
- Organized crime continues to be the number one attacker
- Compromised External cloud assets, more than on-premises assets
- The exploitation of Unpatched older vulnerabilities by attackers
- Credentials remain one of the most sought-after data types, followed by personal information
- Employees continue to make mistakes that cause incidents and breaches
- Lost and Stolen devices
- Misuse of Privileges
- Business Email Compromises were the second most common form of social engineering (COMPLACENCY MAKES HACKERS SUCCESSFUL)
- The majority of social engineering incidents were discovered externally
DBIR also states “phishing continues to be a top cause of data breaches, followed by stolen credentials and ransomware. Threat actors ‘will first exfiltrate the data they encrypt’ and threaten to reveal it publicly if the ransom isn’t paid.”
To conclude and while this year’s Verizon report highlights “the importance of building a culture of cybersecurity vigilance,” I believe that having a response and recovery program in place is just as important as having an information security and governance program in place.
Why, because I believe the reality of data breaches is that “no one company can ever prevent itself from experiencing a data breach event”. This is something I have been writing and speaking about for the last 15 years.
By Mark Pribish
Vice President and ID Theft Practice Leader
by Brian Thompson | May 20, 2021 | Breach, Identity Theft
The danger of complacency makes hackers successful at phishing and ransomware.
The recent Colonial Pipeline cyberattack forced Colonial to shut down the pipeline. The shutdown created widespread fuel shortages in 11 states and Washington, D.C. All pointing to the true vulnerability of our companies and the detrimental effects of being complacent.
Complacency and phishing emails that spread malware are the main reason for the success of cybercriminals and ransomware attacks.
According to a December 2020 Digital Guardian blog titled A History of Ransomware Attacks, “ransomware has been a prominent threat to enterprises, SMBs, and individuals alike since the mid-2000s.”
Separately, according to the National Cyber Investigative Joint Task Force (NCIJTF), crimes such as financial fraud and identity theft are being exploited via the internet and technology through “the global cyber domain” every day.
To address this “evolving cyber challenge,” the NCIJTF released this FBI-IC3 Ransomware PDF Fact Sheet to educate the public on the ransomware threat.
The FBI’s Internet Crime Complaint Center (IC3) defines ransomware as; “a form of malware targeting both human and technical weaknesses in an effort to make critical data and/or systems inaccessible.
The irony to this evolving cyber challenge is that ransomware was originally intended to target individual consumers. Consumers are low stake opportunities but are still targets.
Instead, cybercriminals have taken ransomware to a more lucrative level by targeting higher-stakes opportunities such as:
- healthcare (hospitals, medical groups, and dental groups),
- professional services (law firms, accounting firms, and consulting firms),
- education (high schools, community colleges, and colleges),
- government agencies (law enforcement, city, and federal agencies).
In addition, digital money or cryptocurrencies such as Bitcoin and Ethereum are now targets. Cryptocurrencies are difficult to trace and can be transferred electronically without financial institutions that are regulated by governments. This fact has made ransomware more profitable than stealing data and selling it on the Dark Web.
What to do about it.
Consumers and employees – especially small business employees – should receive security training on a regular basis. Education about the latest security threats via online education and phishing simulation tests can dramatically reduce the threat.
The reality is that cybercriminals depend on the phrase “breach fatigue” and for consumers and employees to be complacent and careless about cybersecurity.
Two good examples of email security threats that consumers and employees need to be aware of are (1) spoofing and phishing and (2) Business Email Compromise.
To conclude, the potential for cybercriminals to shut down your home computer, the company you work for, or critical infrastructures such as gas pipelines, electric grids, and water supplies; along with mass transportation, railways, bridges, tunnels, and even airlines – should be enough motivation for consumers and employees to NOT be complacent. Because… Complacency makes hackers successful!
By Mark Pribish
Vice President and ID Theft Practice Leader
