Established in 2005 Identity Protection Company, LifeLock, marketed to the world that the organization would monitor its client’s credit scores and numerous other financial dealings to guard their identity. The organization declared that if any of its client’s identity was taken without consent the company would not only repair it but reimburse them for lost funds. The cost of the service ranged from $10 to $30. To prove trust in LifeLock’s services CEO Todd Davis publicized his social security number on commercials, billboards, and trucks.
LifeLock’s marketing campaign was impressive. The concept was to show that barefacedly publicizing the CEO’s social security number was an attempt to prove that the organization’s services were secure enough that the CEO would not be at risk. However, the campaign resulted in Davis being a victim thirteen times.
It is impossible to guarantee that my social security number is not exposed. However, I firmly believe that everyone should think twice before giving it out unnecessarily. The more frequent it is given out the higher the risk that it will eventually be compromised.
Todd Davis fell victim to Identity Theft. Identity Theft is when a somebody takes your information and uses it without your approval. They may steal your name and address, bank account numbers or credit card information, social security number, or even medical insurance information.
It is not easy to recover from Identity Theft. Mainly because it is hard to prove that the person using your information was not you. Most businesses hold you responsible for the use of your information until you can prove it was not you. It can take years to fix the problem and recover.
A Security Breach is when a hacker acquires unauthorized access to a company’s secure system and data. Identity Theft is considered a Security Breach. With modern technology hackers now have more resources than ever before to commit Identity Theft.
SCM necessitates collaboration between supply chain partners. Large amounts of data are shared electronically. Unfortunately, these associated relationship leaves an organization inadvertently open to exposure of sensitive organizational aspects. Although there are many ways an organization’s supply chain can be breached the one that stands out the most to me is the theft of a vendor’s credentials. Such as logins, passwords badges, and security access.
Credentials that allows remote access to the organization that the vendor is associated with. The attacker infiltrates the company’s network via what a considered a trusted source. Thieves can then attain elevated rights granting them the ability to navigate portions of the organization’s network and install malicious software. Many times, confidential credentials are bought and sold on the dark underground internet, a place where illegal activity occurs.
CRM Systems holds invaluable data. Each customer occurrence contains vast amounts of regulated, confidential, and branded information. When an organization is breached it is critical to first check to see if the hacker was able to obtain customer’s financial/payment details. However, this is not the only risk.
Using the CRM data, these cybercriminals, often reach out to the customer and masquerades as a representative of the organization. Smishing is when the attacker gains the trust of a victim and tricks them into giving out additional private information. Data breaches such as this usually result in lawsuits, permanent damage to the organization’s reputation, and customer trust.
ERP Systems are a single system for the entire organization that runs business-critical processes and houses an abundance of sensitive organizational information. The type of data that an ERP platform holds makes it a prime target of a Security Breach.
Hackers know that having a fully all-inclusive system usually means there will be some weak spots and vulnerabilities that they can take advantage of. These vulnerabilities allow cybercriminals to infect the company’s network with malware. Dridex, used on SAP Systems, is a prime example of how the attacker stole user credentials along with sensitive business data.
Organizations must realize it is not if but when hackers will attack their systems. Having this mindset enables them to make sure that their systems are prepared. Security patches must be installed and kept current. It is essential to have firewalls up and running. Policies need to be put into place and properly interrelating to other parts of the system. All software needs to be up to date. The organization’s user list needs to be current. There needs to be a set number of sign-in attempts. System monitoring is crucial to preventing most attacks before they become a security breach.
LifeLock’s marketing campaign is a prime example of what not to do as a means of showing confidence in your product or service. Exposing sensitive information only provokes attacks. I like IdentityForce’s marketing campaign and would use something similar to show that my organization is in touch with what matters the most to customers putting their security top priority around the clock. A marketing campaign such as IdentityForce earns trust.
We are living in an age where we manage almost all aspects of our lives digitally. Organizations and individuals depend on the internet, mobile devices, and The Cloud to transmit, retrieve, and store a massive amount of data. With the rise of the need to work anytime-anywhere staff members are using their personal devices to process most of their business activities. These devices also for accessing the cloud. With the transmission of business and personal data over the internet, mobile devices, and The Cloud leaves organizations and individuals an easy target for attackers.
In recent years, there has been a rise in the frequency and severity of Cyber Criminals exploiting flaws in security systems and compromising organizational infrastructures. Computers can send instructions to perform a task to another or even take it over (Malware). People now can steal others identity by merely guessing, cracking, or extracting their password. Organizations can never prevent these vulnerabilities since they are constructed in the architecture of the internet. Criminals exploit these vulnerabilities to steal billions of dollars, while our government uses them for surveillance.
References
- IdentityForce Protect What Matters(2020). Retrieved from https://secure.identityforce.com/sales_landing?offer=drtvus30&ASID=Google&SSAID=Identity_Theft_Software&SID=identity%20theft%20protection&c3api=8079,405839731566,identity%20theft%20protection&gclid=CjwKCAiAsIDxBRAsEiwAV76N8z1UQ9EqpDcrlW4mADpDuxMAiSqH0O3fmbOGKwGV436dXWUk1tpo9RoCDAIQAvD_BwE
- Melnyk, S. A. (2019). Blockchain is Vastly Overrated; Supply Chain Cybersecurity Is Vastly Underrated. Retrieved from https://www.supplychain247.com/article/blockchain_is_overrated_supply_chain_cybersecurity_is_underrated
- Weinberger, M. (2016). The Founder Of The Identity Theft Prevention Company Symantec Bought Reportedly Had His Identity Stolen 13 Times. Retrieved from https://www.businessinsider.com/lifelock-symantec-ceo-identity-theft-ftc-charges-2016-11