
DECODING Identity Thefts

Sumed Marwaha, the Regional Services Vice President & Managing Director, Unisys India

Holding over two decades of experience, Sumed is responsible for India growth & location strategies, and key delivery practices for all Unisys Delivery Centres across India and APAC. Seshadri, on the other hand, brings with him experience in operations, quality and client management.

The recently published 2020 Unisys Security Index, India report revealed that identity theft was the biggest security concern in India, cited by 83 percent of respondents. This calls for a deeper understanding of identity theft, how it happens and how individuals can protect themselves from unauthorized access to their personal and financial data. Organizations that deal with personally identifiable data or financial data of individuals play an equally critical role in preventing identity thefts and need to be cognizant of their role in securing this data.

Understanding Identity Theft
In simple terms, identity theft is the act of obtaining another individual’s personal or financial information and assuming their identity to make transactions without the concerned individual’s knowledge or consent. At its core, it is yet another instance of a data breach, with equally devastating consequences. The motives could vary from financial benefits to illegal immigration to something as sinister as terrorism. The internet is full of stories of data breaches in organizations and consequent sale of personal and financial data on the dark web. Instances of people falling prey to phishing attacks and revealing personal and financial data to unscrupulous criminals are many too. So are crimes conducted with stolen identities. It is important to note here that identity theft can happen in the physical world as well, and not just in the digital, although the latter may be more common nowadays. It is a multi-faceted problem, with varied motives, consequences and implications for individuals and organizations alike, and calls for action by all stakeholders.

What Individuals and Businesses Should Do to Prevent Identity Thefts
To prevent identity thefts, we need to dig deeper into how they happen. Large-scale data breaches compromising millions of records come to mind instantly. Indeed, data breaches in organizations have often resulted in customer data being shared and sold on the dark web. This could range from personally identifiable details like name, gender, date of birth, email id and social security numbers to more troubling details pertaining to health conditions, insurance and credit or debit cards.

Individuals themselves could be tricked into sharing their details with criminals. Phishing, social engineering attacks and vishing are some of the common means employed to make unsuspecting individuals share sensitive information with outsiders. Rummaging through rubbish, browsing through redundant IT equipment or mobile phones which have been discarded without sanitizing, employing bogus communications such as job offers or financial gains, browsing through social networks, using available public records and just plain shoulder surfing and overhearing private conversations are some of the other tactics employed by criminals. More often than not, it is the hapless victim who bears the burden of malicious activities conducted by someone using their identity, and many a time they would not even know about this until it is too late. However, individuals and organizations can play a big role in securing the data they own or hold. Let us understand how.


Seshadri PS, Senior Director – Governance, Risk and Compliance, Office of the CISO, Unisys India

Individuals need to be alert at all times and be very cautious when they share their personal information with outsiders. It is important to understand how the data you share will be used, stored and disposed of. Often, individuals give away their data all too willingly when promised potential benefits. The monthly lottery at a nearby mall is really not worth the risk you incur by sharing your email ids and mobile number on tickets which often end up in trash cans and from there in the wrong hands. It is important to be alert in the digital realm as well. Understand the privacy policies of mobile apps and software before you download them onto your PCs and mobile devices. Update passwords regularly and use strong passwords, even on devices like cable boxes and internet modems, as applicable. Ignore strange calls or emails asking for information. Verify all hyperlinks. If you have doubts about a website, look at the domain in the URL and use online search engines to verify it independently. Protect your video calls, both personal and official, with passwords. In essence, question each instance where individual data is to be shared and do so only when completely convinced about its safety.



Organizations that deal with customer data have an equally important role to play in preventing identity theft. Customer education can be a good starting point. Constantly remind customers what data they will be expected to share with authorized representatives from the organization and what data they should safeguard. Educate them about phishing and vishing campaigns which exploit their trust in the organization. At the backend, secure the data centers that hold customer data. Most businesses now have a porous perimeter driven by the prevalence of cloud and mobile computing, and the need for real-time interaction with suppliers, partners and customers. The traditional perimeter security strategy that many organizations still depend on is ineffective in today’s threat landscape. Equally ineffective are firewalls, subnets, and VLANs, as once an attacker breaches a perimeter, they are free to roam around. A Zero Trust security model based on software-defined security is the way to go. Identity-based micro-segmentation via cryptographic communities of interest (COIs) limits access to data on a need basis, and the COIs are dark to unauthorized users. This reduces attack surface and interconnection vulnerabilities while expanding network reach and access, ensuring policy and role-based protections for every user and endpoint that accesses data center assets.

To conclude, identity theft is a crime that calls for attention and action at the individual and business levels, and all stakeholders need to come together to prevent this crime.