Identity Theft: Marketing Scare Tactics… or Legitimate Concern?

by Michelle Keshel

In today’s society, marketplace, and political forums, it seems that information on virtually every topic can easily be overblown. Often one wonders whether the reports we here from so many independent watchdog groups, special interests, and businesses merit concern, or are they simply marketing and political hype?

However, in the case of Identity Theft, and the compromise of confidential information, it seems that the preponderance of evidence now clearly demonstrates that Identity Theft is quickly becoming a significant threat to business and personal security.

In recent years, Identity Thieves have primarily focused their sights on individuals through physical theft of information from homes, wallets, purses, and postal mail. Once information was secured, these thieves typically exploited the individual’s credit, or existing bank/credit accounts as quickly as possible.

However, over the past few years, the method of operation for Identity Theft has evolved significantly. Today, Identity Theft is just as likely to be conducted by a well-organized group of criminals. The operation of these criminals has extended well beyond the one off case of Identity Theft to encompass primarily high payoff information sources. In most cases, this means targeted attacks against businesses.

The methods used by these organized criminals today include electronic penetration, fraudulent misrepresentation, and the theft of large volumes of data in swift operations. Once compromised, these groups often wholesale the information quickly to sources, which also sell the information to other thieves globally.

Recently, as you may be aware, one of America’s leading financial reporting companies experienced a significant loss of information. The thieves in this case setup what the company perceived to be legitimate business accounts and then used those to gather information in the form of lists of sensitive information. This was a sophisticated attack that leveraged the company’s own operating guidelines for criminal gain.

However, it is important to remember that the sensitive information that Identity Thieves seek is not always the end user information. For example, everyone in your organization can likely look at a list of names with social security numbers and immediately identify the list as sensitive information. But what about a working document that was generated in your data center? One that perhaps includes names for servers, IP address assignments, etc. How many persons in your organization recognize that as an even greater security threat than the list of social security numbers? This is what today’s Identity Thieves seek as often as the resulting information – Because it is a gateway to even greater capabilities to steal information.

The Identity Theft issue is real, and in fact will be one of the greatest challenges to businesses in the coming years. Businesses can certainly endure this threat, but only through the application of sound security measures that mitigate risk to compromise of information through both electronic means and printed documentation.