• News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
BW Businessworld

Protect Your Good Name

Photo Credit :

What's in a name? It seems everything's in a name. The November Symantec intelligence report suggests that a person’s real name is by far the most common item to be stolen in a data breach, where it is obtained 55 per cent of the time.

Insider attacks continued to haunt government agenies and companies alike in 2012. It is not only rogue employees who harm organisations with data theft, negligent insiders are equally at falt. According to Symantec’s 2012 Cost of a Data Breach Study conducted by Ponemon Institute, data breaches cost Indian organisations Rs 2,105 on an average for each lost or stolen record, with the average total organisational cost of data breach being Rs 5.34 crore.

In Symantec's most recent intelligence report it is clear that the threat landscape is evolving continuously from scammers on social networking sites to new threats such as Ransomware. Security breaches where user information becomes publically exposed or stolen is a serious issue for any organisation. The exposure of customer data can lead to a loss of confidence in the organisation by its users. Even worse, the organisation can find itself in violation of data privacy laws or on the receiving end of a lawsuit created by its users.

As mentioned earlier, theft of real names surpasses even usernames and passwords, most commonly used for online identities, which appears within 40 per cent of all data breaches. This points to a trend where hackers are targeting locations people go to complete tasks, in contrast to years past where breaches may have occurred with more frequency through message boards or online games. These former hot-spots would have been less likely to include a user’s real name, often only requiring an alias for a user name.

In contrast, more than 80 per cent of data breaches that are occurring this year are with organisations whose Internet presence is secondary to their main business, such as the healthcare and education sectors, where online access to services is often set up as a means of convenience instead of a business front. Viewing a website as an auxiliary service may mean laxer security, making them easier targets for data breaches.

What’s important to note is that this data does not account for actual cases of identity theft; the data has been stolen, but not necessarily used maliciously. Rather it opens the door for someone with malicious intention to use the information for illicit activities.

A hacker may use some of the information they’ve gathered in a breach to gather further information. For instance, this information could be used to “confirm” someone’s identity over the phone, thus gaining access to further data. In these cases, the hacker is able to work his or her way up the “data chain” in the hopes of obtaining more valuable information.

Most cases of pure monetary theft, where an identity is falsified to purchase goods or services, are done on a much more covert process than buying items with abandon. For example, a thief who has obtained a cache of sensitive data might take one credit card from a list that’s been stolen and then test to see if it usable by making a very small purchase—one that would draw little attention on a credit card statement. If the transaction was successful, he or she might sell the credit card details on to another party.

Finally, an attacker could use this information to create fake accounts in someone’s name. This could mean misrepresenting someone online, such as in social networking environments. In more extreme cases, the data could be used to blatantly impersonate the individual. While the latter is much rarer, there have been instances of people opening credit cards in other people’s names, or impersonating another individual to receive medical treatment.

Overall, it doesn’t appear that the rise in identities exposed through data breaches is going to be slowing down any time soon. Fortunately, while not always required by law, it appears to becoming standard practice for organisations that are breached to provide credit monitoring services.

The best thing one you can do as a consumer is to only provide personal details when absolutely necessary, and keep a close eye on your personal information as much as possible.
Spam – 68.8 per cent (an increase of 4.0 percentage points since October)

Phishing – One in 445.1 emails identified as phishing (a decrease of 0.124 percentage points since October)

Malware – One in 255.8 emails contained malware (an decrease of 0.05 percentage points since October)

Malicious websites – 1,847 websites blocked per day (an increase of 97.9 percent since October)