First Annual Identity Management Day Emphasizes Identity Theft Prevention
For the first time, the high risk and high cost of identity fraud and the growing need for responsible identity management are being spotlighted with the introduction of Identity Management Day 2021.
The inaugural event occurring April 13, 2021, is hosted by the Identity Defined Security Alliance (IDSA) with the support of IDSA member companies and the National Cyber Security Alliance (NCSA). The mission of the NCSA, specifically, is to “educate and empower our global digital society to use the internet more safely and securely.”
Identity theft costs the U.S. billions of dollars annually. In 2019 alone, the cost of identity theft was almost $17 billion.
Examples of Risky Online Behavior
Both businesses and consumers are guilty of risky behaviors that can lead to costly identity theft and the resultant identity fraud. Identity Management Day 2021 shines a light on these behaviors and the importance of remediation measures.
In recognition of this day, businesses are urged to evaluate their security programs, particularly with respect to identity management, and to implement more robust security measures where they are needed.
For Businesses. Identity and Access Management (IAM) is a vital component of any modern security program, whether for an enterprise or a smaller company, a government agency, or a non-profit organization. And yet the majority of reported commercial data breaches take advantage of poor identity management practices.
These practices include allowing employees to use weak passwords, failing to implement multifactor authentication, neglecting to terminate access privileges when a project ends or an employee leaves, and similar oversights or weak policies.
For Individuals. Individual consumers share the burden of protecting their own identities as they live, shop, and play online. Examples of careless online behavior include neglecting to enable multifactor authentication when a service provider or merchant offers it to improve security, and storing personal payment information on a merchant’s website.
Clicking on suspicious links in emails, connecting to public Wi-Fi networks, using weak passwords, never changing passwords, or using the same password for multiple accounts are also examples of risky individual online behavior.
The Black Market for ID
Regardless of which type of risky behavior a business or individual may be guilty of, rest assured that cybercriminals are constantly trolling for mistakes and oversights they can turn into cyber gold.
The black market for stolen identities is lucrative and profitable. It trades in social security numbers, passport numbers, driver’s license numbers, dates of birth, and other personal data—for which bad actors seeking new identities, or additional identities, are willing to pay thousands of dollars in bitcoin.
Identity Theft By The Numbers
Identity theft in the U.S. cost $16.9 billion in 2019, according to an article on the Experian blog, and affected 13 million individuals (about 5.1% of all U.S. consumers). And identity theft is on the rise.
In the first three quarters of 2020, the Federal Trade Commission (FTC) received more than 418,000 identity theft reports, almost double the reports from the same period in 2019.
In a 2020 holiday survey of 1,000 consumers conducted by Experian, 24% of respondents claim to have been victims of identity theft or fraud during the holidays—twice as many as in the 2019 survey.
The IDSA website offers excellent resources all year long to aid in understanding the scope of the identity theft problem. The following and additional alarming numbers can be found on the Identity Management Day tab:
- 79% of organizations have experienced an identity-related security breach in the past two years. Even more disturbing, almost all (99%) believe those breaches were preventable.
- 81% of IT professionals say the number of identities in their organizations has at least doubled over the past decade.
- 81% of hacking-related breaches leverage weak, stolen, or otherwise compromised credentials.
Why Identity Theft Occurs
Cybercriminals have plenty to gain by stealing personally identifiable information (PII) from businesses and individuals. Their gains contribute to the high cost of identity theft. Following are some of the ways they leverage stolen identities for profit:
- To fraudulently buy merchandise and services.
- To open bank accounts, store accounts, and other accounts the cybercriminal can continue to use even after the theft has been discovered.
- To obtain loans and credit cards.
- To hijack stimulus payments and consumer tax refunds.
Identity theft can occur when customers’ personal information is inadvertently exposed, or when existing safeguards are no longer adequate to protect data privacy and security. Identity theft can also occur when:
- Access credentials, such as passwords, are weak.
- Network or wi-fi connections are not secure.
- Phishing schemes conducted via email or phone deceive users into disclosing their personal information.
Identity fraud occurs most often in new credit card accounts, mobile phone accounts, and business and personal loans, according to the FTC.
In virtually all of these cases, customer data is collected, transferred, or stored electronically and is exposed and stolen at some stage in the electronic ecosystem.
Worse During COVID
As it has with other opportunistic cybercrimes, including malware, the pandemic has contributed to the increase in identity theft. Furloughs and work from home scenarios have led to an enormous rise in online browsing, shopping, and other entertainment, which has created tantalizing opportunities for identity thieves.
In addition, numerous new scams have been launched to steal individuals’ stimulus payments or encourage them to enter personal data on phony websites under the guise of accessing COVID testing services. As new opportunities arise, cybercriminals will be the first to find ways to profit from them.
Further Enabling Identity Theft
The world is relentlessly moving toward digital transformation, replacing manual and mechanical processes with digital or electronic systems.
The prime objective of digital transformation is to deliver electronic services to customers quickly and conveniently through their smartphones, laptops, wearables, and other digital devices.
These devices inherently use a wide variety of levels and types of security, just as the device users vary widely in digital expertise and security savvy. Most rely almost completely on the manufacturers’ software, and the myriad software applications they casually download, to keep their login credentials, personal information, and transactions secure and private. In too many cases, that reliance is misplaced.
Raising awareness among U.S. businesses of the importance of responsible identity management is a significant step toward protecting the identities of customers, employees, partners, suppliers, and other stakeholders.
Because even after the pandemic disappears, digital transformation and the Internet of Things will continue their explosive growth. Businesses need to step up their vigilance and enhance identity and access management safeguards and other cybersecurity measures now.
Two Steps Forward
To learn more about the risks of identity theft and fraud and how to address them, visit the IDSA website for tools and resources and sign up for their informative newsletter.
And why not join the countless other organizations who have already done so and become an official Champion of Identity Management Day 2021?
Summary
Identity theft costs the U.S. billions of dollars annually. In 2019 alone, the cost of identity theft was nearly $17 billion. And the FTC has reported almost double the volume of cases in the first nine months of 2020.
Both businesses and consumers are guilty of risky behaviors that can lead to identity theft and the resulting identity fraud. As always, proactive measures by businesses tend to have a greater and more immediate impact on prevention of this and other cybercrimes than the actions of individual consumers—but individuals do bear responsibility for their own online security.
Identity Management Day 2021 shines a light on the importance of responsible identity management for all. In support of the inaugural Identity Management Day on April 13, 2021, businesses are encouraged to become Champions of Identity Management by proactively evaluating their security programs and implementing more robust security measures.