The ITRC reports that of the total number of files breached in 2017, 91.4% were controlled by business enterprises. This is unacceptable—and IT pros know they must do better.
According to a report published by the Identity Theft Resource Center (ITRC), a nonprofit organization established to broaden public education and awareness in the understanding of identity theft, there were a total of 174,402,528 data records exposed by security breaches in 2017. Of those 174 million-plus records, 91.4% were from breaches of security systems managed by business enterprises.
None of the other categories tracked by the ITRC—Banking and Finance, Education, Government and Military, and Healthcare—reached 3% of the total exposed records. Enterprise security, especially when it comes to identity and authentication protocols must do better, and IT professionals must lead the way.
SEE: Guidelines for building security policies (Tech Pro Research)
To make matters worse, many experts, including those at Threat Matrix, believe there will be significant downward pressure on the black market for authentication credentials because there is now a glut of supply. A study published by Research at Google predicts that highly detailed personal identity files, which include social security numbers, birthdates, usernames, passwords, challenge questions, and more, could fall below $10 in 2018.
SEE: Essential reading for IT leaders: 10 books on cybersecurity (free TechRepublic PDF)
Something must be done
Identity theft and misappropriated authentication credentials are major problems not only for business enterprises, but for everyone. New laws and regulations, like the GDPR, could impose substantial financial penalties on enterprises that do not secure sensitive data. This risk of continuing to do the same as before (remember the 91.4%) is just too great. Enterprises must act now to enhance data security, both physically and electronically.
To jump start authentication protocols at your enterprise, IT pros should establish an identity theft protection policy and then thoroughly train employees on how to implement it. TechRepublic sister site Tech Pro Research has a ready-made identity theft policy along with with a PowerPoint presentation on the importance of authentication credentials and the security protocols designed to protect them. It's a good place to start fixing what has become a major headache for business enterprises everywhere.
- Microsoft offers a free assessment of your enterprise's GDPR readiness (TechRepublic)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Special report: Cybersecurity in an IoT and mobile world (free ZDNet/TechRepublic PDF)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)