Identity theft continues to be a major cause of concern as hackers are finding new ways to exploit the information.
Over the years, identity theft reported cases noted a steep rise, more so during the Covid-19 pandemic, where cybercriminals utilized the panic and uncertainty to their advantage.
According to a Javelin Strategy & Research ‘Identity Fraud Study: The Virtual Battleground’, in 2021 alone, over 15 million US consumers fell prey to traditional identity fraud with losses amounting to $24 billion (USD).
In an exclusive interview with The Cyber Express, Acronis CISO Kevin Reed discussed identity theft, the risk it poses, prevention and beyond.
1. With the number of cyberattacks and data breaches that are taking place around the world, identity theft has become a major cause of concern. To understand the topic more, can you share the types of identity theft that exist currently?
Identity theft is the crime of obtaining the sensitive personal information of another person with the goal of committing fraud or extorting the victim.
The types of fraud committed usually define the types of identity theft. The most common type of identity theft is financial. Fraudsters use stolen personal data to obtain credits, loans, and goods.
Related, fraudsters may use stolen identities to redirect deliveries, like expensive purchases.
Tax identity theft is applicable in some countries, where fraudsters make fake tax returns claims on behalf of the victim.
During the recent COVID-19 pandemic, some governments provided various forms of financial support, and criminals took advantage of this by using fake identities to get funds transferred to them.
2.Are there any particular techniques that cybercriminals use for identity theft? Can you elaborate on those?
Cybercriminals often rely on social engineering, a sense of urgency and sometimes the excitement of the victim. Another approach is hacking large databases of users to obtain such sensitive data from them.
3. Almost anyone who has experienced a data breach or has been a victim of a cyberattack is vulnerable to identity theft. Are there any ways to prevent oneself from identity theft?
Given that there are two venues for stealing personal data, individuals can only partially protect themselves.
The usual advice to stay vigilant applies here. If something is too good to be true, it’s probably not. You don’t have a relative king in Africa who wants you to inherit their estate.
Unfortunately, when it comes to service and databases hacking, there is little individuals can do. Try to only reveal a bare minimum about yourself on less important sites.
4) What key role does document Verification Play in fighting identity theft?
Many countries face the problem of document fraud, and document verification is unfortunately not as efficient prevention control as it used to be. Criminals get access to advanced printing technologies in some countries.
5) What should businesses do about spoofed brand sites?
Spoofed brand sites can be a significant threat to businesses, as they can damage the brand’s reputation, confuse customers, and even steal personal or financial information. It’s important to stay vigilant to identify any unauthorized sites that may be using your brand’s name or logo.
Swift actions need to be taken if any spoofed sites are identified. Once you’ve identified a spoofed site, report it to the relevant authorities to get the site taken down, such as the hosting provider, domain registrar, or search engines.
It’s important to educate customers of the risks of spoofed sites and know how to identify legitimate sites. Implement 2FA and SSL certificates which help ensure that website visitors are connecting to a legitimate site and protect sensitive information that may be exchanged on the site.
6) What should be on the CISOs’ top priorities list in 2023 and beyond?
Ransomware attacks are on the rise and continue to pose the biggest threat to organizations worldwide. When was the last time their ransomware incident response plan and protocols were tested out? The company is aware of the risks of ransomware but still needs to test its threat prevention.
Having disaster recovery processes in place, including backups to restore from and visibility into their organization’s logs, are essential.
These are all critical cybersecurity objectives behind a sound incident response plan that show both the C-suite and security teams that the company is able to provide the necessary support needed in times of crisis.