National Cybersecurity Awareness Month, held every October, reminds us of a category of crime that continues to inflict taxpayers and companies with damages amounting to billions of dollars annually. So far 2019 is currently on track to be the worst year yet for data breaches. Large companies are not the only ones who are subject to data breaches; businesses of any size and even individuals can fall victim to hackers. Staying informed on the latest attack types and prevention techniques is the only way to future-proof your business.
Here are five fraud trends everyone should be aware of:
Synthetic identity fraud is a type of identity theft in which criminals combine pieces real personal data with false information to create an entirely new identity. It is typically initiated when a hacker acquires a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. The synthetic identity is then legitimized and nurtured in order to build up lines of credit. Once a fraudster is able to become an authorized user, a process that typically takes around 5 months, the “bust-out” scheme is ready to be executed. The fraudster then maxes out all available lines of credit before dropping the identity. When the dust settles, creditors and businesses are left with dummy accounts filled to the brim with credit card maximums, loans, and cell phone/utility plans.
The word "ransomware" can send chills down the spine of any business owner, and for good reason. Ransomware is a type of malicious software that denies access to data or a system until a ransom is paid. Two cities in Florida were forced to pay over a million in aggregate bitcoin ransom, only after losing access to phone and email systems for multiple weeks. Municipalities are not alone, and a quick glance at data breach news headlines on any given week will reveal attacks on a small and midsized business (SMB) as well.
3. Account Takeover (ATO)
Understanding what methods criminals are using to target your business or vertical is a critical component to any successful cybersecurity strategy. Nevertheless, “the nature of work for a CISO is often reactive”, tasked with establishing a Security Operations Center filled with analysts who are looking to spot a needle in a haystack. Crimeware and “spray-and-pray” techniques are getting easier to use and purchase, leading to a higher frequency in breaches. Solving Account Takeover fraud at the small business and medium enterprise level is a shared responsibility of everyone in your organization. It requires purpose-driven teams and technologies that can protect your business smarter and more efficiently.
This summer, three US universities disclosed data breach incidents within a two-day span. However, this pales in comparison to last year’s highlight. In March 2018, nine hackers breached 144 US universities, charged with stealing 31 terabytes of data worth roughly $3.4 billion in intellectual property. University breaches have a ripple effect across all verticals and companies, driving awareness and raising cybersecurity standards for everyone.
5. Dark Web
Security researchers estimate that In the first half of this year alone, over 23 million credit and debit card details were being sold in underground forums in the first half of 2019. Out of the 23 million cards for sale, nearly two out of every three originated in the United States (64%), followed by the UK (7%) and India (4%). Stolen credit card data can be acquired for as little as $5. Once this data hits the Dark Web, cybercriminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes.
Tips to Avoid Fraud and Protect Your Business
- Create unique passwords and enforce multi-factor authentication for all network users.
- Install spam-filtering solutions with anti-phishing capabilities across your network.
- Leverage web-filtering programs that block phishy websites.
- Prepare for cryptojacking attacks.
- Purchase SMB security suites that include Dark Web monitoring.
- Involve all stakeholders in raising cybersecurity awareness across your organization.
- Assess your organization’s information, protection, and access regularly.
- Ensure that all third-parties have cybersecurity protocols and policies in place.
- Build a cybersecurity incident response plan (CIRP) and democratize key information.
- Partner up with a Managed Service Provider (MSP), like Aligned Technology Solutions, to provide cybersecurity training to your employees.
For more cybersecurity tips check out our previous blog post 16 Cyber Security Tips for Small and Medium Businesses.