Did you know identity theft occurs every 22 seconds?
Identity theft is, to put it plainly, a multi-billion dollar industry… and the state of affairs has gotten substantially worse just in the last few years. In 2021, losses to US consumers were estimated at $52 billion, compared to a jarring $635 billion predicted for 2023 alone.
What is identity theft, and what’s happening to increase the impact so dramatically?
Mike Wilson explains for Forbes that the goal of identity theft is to “exploit stolen information for financial gain or fraud,” which can lead immediately, and irreparably, to debt, destroyed credit scores, and personal tragedy. The Department of Justice defines identity theft as “all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.” When considering all the ways personal information can be stolen online, a clearer picture comes into focus.
Personal data, also known as personally identifiable information (PII), includes anything an individual might use to identify themselves. Everything from your date of birth to your driver’s license number is in this category, as well as your fingerprints, your name, your social security number, and your passwords.
Given enough of these pieces of information, a threat actor can effectively steal your identity, and use it to profit in several ways:
1. Financial theft and fraud
One of the most common motivations is money—a surprise to no one. When threat actors steal an individual’s credit card information, they don’t just buy Amazon gift cards and pizza. Cybercriminals can also use the information to apply for more lines of credit, request government benefits, file fraudulent tax refunds, and open new e-commerce accounts.
2. Medical identity theft
With key pieces of personal information, a threat actor can use your identity to obtain prescription drugs, purchase medical devices, and commit fraud through Medicare.
3. Synthetic identity theft
Currently the fastest-growing type of identity theft, synthetic theft occurs when a real person’s social security number is combined with a fake identity to obtain a loan. Elderly people are often targeted, as they are less likely to use credit monitoring services.
4. Child identity theft
This is perhaps one of the more horrifying categories: cybercriminals aren’t above stealing kids’ personal information. Threat actors might even spend years building out a stolen, fake identity so they can obtain services and money.
Your PII can be stolen in many ways. Phishing scams, corporate malware attacks, and hacking can all lead to millions of pieces of personal information ending up on the web, as well as the dark web, to be given or sold on to other nefarious actors.
As Wilson points out, change-of-address fraud is another, lower-tech way of stealing PII, and it’s expected to come under further scrutiny in the near future.
What’s Changed? And… What Do We Do?
The growth of the digital landscape has surprised most of us—but the rapid inflation of digital services, remote working conditions, and the cyber industry at large were all amplified by the global pandemic. Now that organizations and governments are redirecting resources towards cybersecurity, it’s a chance to lock down the security of PII.
Here’s what enterprises can do to make positive change:
1. Implement Employee Training
Unfortunately one of the most-mocked aspects of data protection, education can be a complete game-changer for protecting PII. Regularly educating users and employees helps them understand the latest methods threat actors are using, and the steps they can take to safeguard their data.
2. Utilize a Zero-trust Mentality
Phones, laptops, smart fridges, watches, TVs, heart monitors… with an ever-increasing number of endpoints, the sheer number of attack vectors has also increased dramatically. Organizations must accept that there is no longer a defined security perimeter and that each system needs multi-factor authentication.
3. Automated Monitoring
To reduce the risk of data breaches—therefore reducing the risk of user PII being accessed—and increase compliance, organizations must continuously screen their systems for compromised credentials. Security teams should also find a credential screening tool that is dynamic, and constantly updated with dark web research.
4. Audit, audit, audit.
Another way to mitigate identity theft is to conduct regular audits, across organizational networks, employee permissions, and the DevOps pipeline, to help identify vulnerabilities and potential threats. The security team can then act on the findings to shore up its defenses.
If we don’t take steps to reduce cybersecurity risk, individuals and businesses can both be severely impacted by identity theft. Developing a comprehensive security posture will help protect everyone.