Cybersecurity journalists have had a busy first half of 2018 with the stream of data breaches, topped by last week’s Exactis mass-data exposure. But, is the landscape as bleak as it looks?
You probably don’t need to be following the news to know that your data may have been breached in the last few years. In the last 18 months alone, millions of users have had all or part of their personal and financial information exposed, sold, and traded somewhere on the dark web. Bad actors are working hard on keeping the fraud engine running like a well-oiled machine.
Let’s start with the most recent one, the one that almost dwarfs the Equifax breach.
Marketing data-broker Exactis accidentally exposed 340 million personal records until informed by security researcher and Night Lion Security founder Vinny Troia. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,” Troia said. Exactis exposed the records of 230 million consumers and 110 million businesses.
Next on the list is the 100 million records left exposed by 3,000+ mobile apps, which leaked personally identifiable information (PII) from unsecured databases due to the “HospitalGown” vulnerability – so called because it leaves the back end exposed.
By comparison, the relatively smaller numbers affected by the steady stream of other newsworthy breaches seem almost tame. Customers of PDQ, the “fast casual” restaurant chain, and residents of an affected Click2Gov municipality in California, Oklahoma, Texas, Arizona, Wisconsin or Florida are among those potentially affected.
What we are trying to say here is that breaches happen; black-hat hackers are, in effect, full-time employees who receive fat paychecks to look for system vulnerabilities so they can steal data.
This brings us to two immutable facts. The first is that data thieves and fraudsters continually comb every conceivable potential source for Social Security numbers, payment information, and other data to commit fraud. The second is that continued reliance on legacy security stacks is only helping thieves while harming customers, merchants, banks, and other organizations serving them.
Leaving PII behind
That’s why so many retailers, eCommerce organizations, banks and other enterprises are turning to multi-layered security strategies that incorporate passive biometrics and behavioral analytics to identify each user’s unique behavior and verify whether the user is legitimate with pinpoint accuracy – without dependence on static credentials such as names and passwords.
These patterns and behaviors cannot be replicated by would-be thieves using stolen credentials or card details, which helps break the immediate fraud chain for organizations transacting online and, ultimately, also helps de-value already-stolen consumer data.
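To make the idea concrete, here is a small behavioral-analytics check written for this post as an added example. It is not NuData’s or any vendor’s model: it builds a typing-cadence profile from a user’s earlier trusted sessions, scores a new session by how far its cadence features sit from that profile, and returns allow / step-up / deny. The inter-keystroke timings, the feature set, and the thresholds are all constructed assumptions chosen for readability, not values tuned on real traffic, and in a real deployment this score would be one signal among several layers rather than the sole decision.

```python
"""Constructed illustration of a behavioral-analytics check on typing cadence.

Hypothetical example written for this post; not NuData's or any vendor's model.
The timings are made up and the thresholds are assumptions, not tuned values.
"""
import statistics
from typing import Dict, List, Sequence

# Constructed sample data: milliseconds between successive key-down events while
# the same user types a username field, recorded across four trusted sessions.
BASELINE_SESSIONS: List[List[float]] = [
    [118, 131, 125, 142, 109, 136, 121, 128],
    [124, 119, 139, 127, 115, 133, 126, 122],
    [112, 140, 123, 130, 118, 129, 135, 120],
    [127, 116, 134, 121, 138, 114, 125, 131],
]
# A new session with the same human rhythm (constructed).
SAME_USER_SESSION: List[float] = [121, 133, 117, 129, 126, 138, 119, 124]
# A new session typed at machine pace with almost no variance, the cadence a
# script replaying stolen credentials tends to produce (constructed).
SUSPICIOUS_SESSION: List[float] = [4, 5, 4, 5, 4, 5, 4, 5]


def session_features(intervals: Sequence[float]) -> Dict[str, float]:
    """Summarise one session's cadence as a small feature vector."""
    return {
        "mean_ms": statistics.mean(intervals),
        "stdev_ms": statistics.pstdev(intervals),
        "max_ms": float(max(intervals)),
    }


def build_profile(sessions: Sequence[Sequence[float]]) -> Dict[str, Dict[str, float]]:
    """Per-feature centre and spread across the enrolment sessions."""
    vectors = [session_features(s) for s in sessions]
    profile: Dict[str, Dict[str, float]] = {}
    for name in vectors[0]:
        values = [v[name] for v in vectors]
        centre = statistics.mean(values)
        # Floor the spread at 10% of the centre: with only a few enrolment
        # sessions a very consistent user would otherwise get a near-zero
        # spread, and every harmless deviation would look anomalous.
        spread = max(statistics.pstdev(values), 0.1 * centre)
        profile[name] = {"mean": centre, "spread": spread}
    return profile


def risk_score(profile: Dict[str, Dict[str, float]], intervals: Sequence[float]) -> float:
    """Mean absolute z-score of the session's features against the profile."""
    feats = session_features(intervals)
    zs = [abs(feats[n] - profile[n]["mean"]) / profile[n]["spread"] for n in profile]
    return sum(zs) / len(zs)


def decide(score: float, allow_below: float = 2.0, deny_above: float = 6.0) -> str:
    """Map a score to an action. Thresholds are assumptions for this example."""
    if score < allow_below:
        return "allow"
    if score > deny_above:
        return "deny"
    return "step_up"  # e.g. ask for a second factor rather than block outright


def evaluate_session(intervals: Sequence[float]) -> Dict[str, object]:
    """Score one new session against the constructed baseline and decide."""
    profile = build_profile(BASELINE_SESSIONS)
    score = risk_score(profile, intervals)
    return {"score": round(score, 3), "decision": decide(score)}


if __name__ == "__main__":
    print("same user :", evaluate_session(SAME_USER_SESSION))
    print("suspicious:", evaluate_session(SUSPICIOUS_SESSION))
```

The point of the floor on the spread and of the middle "step_up" band is that a behavioral signal is probabilistic: a legitimate user on a new keyboard should be challenged, not locked out, while a session whose cadence is nothing like the human baseline can be refused even though the credentials it presented were correct.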
As these breaches continue to happen, we urge companies to take action, leave PII behind, and protect their customers’ information.