Thank you for the free holiday.
We all know there are growing numbers of cyber-attacks where hackers use their devious skills to get your financial and personal information. They can then sell this data or use it to make purchases, commit fraud and the like.
Growth in account-takeover rewards fraud has given the bad guys a new way to take advantage of a data breach and to get your free stuff.
Compromised, stolen or breached credentials are also used to book holidays, free flights or exchange loyalty points for real goods. The rewards system is often a less secure portion of your environment. There is normally no credit card transaction taking place, which means that compliance codes do not apply, and therefore most don't do much about it. Many of these systems do not even have an option for two-factor authentication.
The attack vectors are vast and the truth is that our only way to prevent damage is to be both proactive and defensive. We have no choice but to be both attackers and defenders. Our team are part of both the build-up and the clean-up crew. Cyber resilience and the ability to respond are no longer nice-to-haves.
The world of cyber threats is growing and those with ill intent are using everything at their disposal to take advantage.
It is up to us to provide a multi-tiered, multi-layered and deep defence and take advantage of everything at our disposal to fend off the unrelenting attacks. This must include our systems and, importantly, our people. This is then bolstered by adding continuous monitoring of activity, access and compromise.
Almost every person that is computer literate uses the same password for everything. If not the same, only a small change of a character or number is made between these systems. A birthdate, child's name or similar is used on each and every online and network account login. Even with the best intentions in the world, a single compromise or breach in a third-party system makes sure that password is now accessible to the rest of the world.
We can no longer simply monitor access into and out of our corporate network. It is also proving not to be enough simply to monitor user activity. There is a vast hyper-connected world beyond all these borders, and when a compromise of a fitness app on the other side of the planet can open up your corporate environment to data loss and IP theft, you have to take action.
A breach can cost millions, reputations can be destroyed and businesses can be ruined.
Worse still, what if they take your free stuff?
John Mc Loughlin