Data breaches keep on coming. Here’s what you can do to stay ahead of the hackers
Money makes the world go around. It’s the glue that holds our society together and the engine that drives our economy. But it’s also coveted by a growing global population of highly resourceful and determined cyber-criminals. They’re out to get what they can and their route to riches usually begins with the theft of data—your data. While sometimes it’s stolen directly from individuals, there’s a far bigger potential pay-off from hitting a company that may be storing personal data on millions of customers.
These data breaches have become depressingly common in the 21st century. And over the past month or so another two firms have been found wanting – exposing a further 30 million customers. To keep ourselves insulated as much as possible from incidents like this we need to be alert, to track when breaches happen and if we’re affected, and we need to plan ahead to protect the gateways to our digital lives: our digital IDs and passwords.
Breaches are here to stay
So, what’s the scope of the problem? Well, if cybercrime were a country it would have the 13th highest GDP in the world, generating as much as $1.5 trillion each year, according to some estimates. And according to a new report, there have been nearly 4,000 data breaches already in the first six months of 2019, a 54% increase on the same period last year — exposing 4.1bn records.
A sophisticated underground economy offers hackers all the tools and expertise they need to launch attacks, and a thriving digital Dark Web marketplace in which to sell stolen data to fraudsters and other cyber-criminals. Many do not even need technical skills to get started; they simply rent hacking kits as a service, then point and click.
This is what businesses are up against. As long as there’s money to be made, there’ll be a steady stream of cyber-criminals knocking at their door, testing their systems and trying to get in. The latest two to suffer major breaches of customer data are the popular online merchandise store CafePress and the e-commerce firm StockX.
We know by now that even the most secure business in the world can be hacked, as long as the attacker is determined enough. Instead, it’s how the business responds to an attack that matters. Unfortunately, these two firms have been heavily criticized for various deficiencies including:
What could hackers do with my password?
Stolen identity data can be used to impersonate victims online in identity fraud attempts, or in phishing attacks designed to grab even more sensitive data from the victim.
However, a lot of the time it is the email-address-and-password combos that the hackers are after. Why? Because these are the virtual keys to our digital world – offering access to everything from online banking to our emails, cloud storage and even video streaming services.
We all own so many online accounts today that password reuse across these sites and apps is commonplace. Remembering hundreds of complex, secure log-ins is simply unfeasible, so we go for one or two simple ones, and use them for everything.
The problem is the bad guys know this, and use so-called “credential stuffing” techniques to try the log-ins they’ve stolen from CafePress, StockX, or the latest breached company, across multiple sites. They can run these at great speed, and use huge volumes of breached log-ins to try and crack open user accounts on other sites/apps. They only have to be lucky a tiny fraction of the time to make it worth their while.
This technique was behind an estimated 30 billion unauthorized log-in attempts in 2018.
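A defender-side view of the pattern described above, as an added example that is not part of the original article: in login logs, credential stuffing appears as one source trying many different accounts in a short time with very few successes. The log format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding time window per source IP
MIN_ACCOUNTS = 20               # assumed: distinct usernames tried in the window
MAX_SUCCESS_RATE = 0.05         # assumed: stuffing succeeds only rarely


def parse(line):
    """Parse 'ISO-timestamp ip username OK|FAIL' (constructed log format)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def detect_stuffing(lines):
    """Flag sources that try many distinct accounts quickly with few successes."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in map(parse, lines):
        by_ip[ip].append((ts, user, ok))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1  # drop attempts older than the window
            window = events[start:end + 1]
            users = {u for _, u, _ in window}
            hits = sorted({u for _, u, ok in window if ok})
            rate = sum(ok for _, _, ok in window) / len(window)
            if len(users) >= MIN_ACCOUNTS and rate <= MAX_SUCCESS_RATE:
                alerts[ip] = {"accounts": len(users), "attempts": len(window),
                              "compromised": hits}
    return alerts


def sample_log():
    """Constructed data: one stuffing source and one ordinary user."""
    t0 = datetime(2019, 8, 1, 12, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=i)).isoformat()} 203.0.113.7 "
             f"user{i:02d} {'OK' if i == 25 else 'FAIL'}" for i in range(40)]
    for i, res in enumerate(["FAIL", "FAIL", "OK"]):  # mistyped twice, then in
        lines.append(f"{(t0 + timedelta(seconds=10 * i)).isoformat()} "
                     f"198.51.100.20 alice {res}")
    return lines


if __name__ == "__main__":
    print(detect_stuffing(sample_log()))
```

Accounts listed under `compromised` are the ones where a reused password worked, so they are the candidates for a forced password reset.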
With working log-ins, hackers could:
What you can do
It’s more important than ever for consumers to get proactive about their own data security, by utilizing an identity monitoring service, which notifies you when your credentials have been compromised or are being sold on the Dark Web; and by beefing up how you manage your online credentials—your IDs and passwords—using a password manager tool to create longer and stronger passwords. Trend Micro has solutions for both (see below).
You should also consider adding a second layer of security by switching on two-factor authentication for any accounts that offer it. This will request another “factor” such as a fingerprint, facial scan, or one-time SMS passcode[i] in addition to your passwords. You can achieve the same end-result by downloading a handy 2FA app, such as Google Authenticator or Authy.
Here’s a checklist of other data security tips:
How Trend Micro can help
Data breaches at firms like CafePress and StockX may be happening on an almost regular basis today, but Trend Micro offers two complementary services to reduce your risk exposure:
Staying vigilant about the integrity of your online accounts, beefing up your access with 2FA, and using a password manager will contribute significantly to maintaining the safety of your identity in an unsafe world.
[i] Note that one-time passcodes texted to your phone will not keep you safe if the hacker has access to your mobile phone number/account. This has happened multiple times in the past.