October means many things, and while children may dream of candy and costumes, some institutions are more intent on another aspect: National Cyber Security Awareness Month (NCSAM), which is celebrating its 10th anniversary this October. Despite 10 years of encouraging security awareness, digital threats have only increased and the event is more important than ever to educate people about how their identities, businesses and credentials may be at risk.
With the number of cyber attacks on the rise according to a recent HP-sponsored Ponemon Institute study, many organizations may be worried about how they can protect their data, and their clients concerned about whether their information is safe with other parties. According to Ponemon's research, the number of cyberattacks has increased from 102 to 122 per week between 2012 and 2013, with the costs of combating the incidents also higher than ever.
Information theft was also noted as the highest external cost related to cyberattacks, with it amounting to 43 percent of total external expenses. Notably, Ponemon's research found that financial services, defense and energy and utilities underwent a higher rate of cybercrime than the retail and hospitality industries.
However, NCSAM is intended to provide organizations and individuals with tips about how they can protect themselves from cyber attacks and other online threats. Naked Security recently published 10 of the most significant types of threats to watch for. It called attention to various ways that identities can be stolen, such as through social networks like Facebook or phishing scams meant to deceive users into logging into fake versions of popular websites. These can be problems for both the public and private sectors, because personal details are often the way that people authenticate themselves online. When these facts are found and passwords stolen, the negative impact can be substantial.
How security might be improved
Issues such as identity theft and fraud often occur because data is insecure. Both institutions and people share some of the responsibility for these acts, because sensitive information isn't as protected as it should be. While businesses, governments and other organizations often endure distributed-denial-of-service attacks, individuals may be targeted by phishing scams that attempt to steal user authentication details by sending emails with links to fake versions of commonly used sites.
As part of its advice for NCSAM, Naked Security explained two-factor authentication and why organizations should use it. The system relies on both passwords and some other external identifier, such as a mobile device, can reduce the effects of fraud. Fingerprints, iris patterns or another personal marker can also be used. Through this process, individuals can worry less about stolen login information being used against them since a smartphone or other piece of equipment will be needed during the verification process.
Another option is bring-your-own-credentials (BYOC), which cuts down on the costs related to in-house ID management by using bank credentials or another trusted organization's login tools. Additionally, should a database be breached, there will be fewer personal details at risk of theft. Reducing the number of passcodes that members and clients must remember can cut down on complexity while improving service.
As NCSAM progresses, decision-makers can participate in a number of events or webinars centered around the month. Now may be the best time to beef up security protocols and consider adding more robust identification methods to services. Identity theft is but one of the many problems affecting most segments of the public and private sectors, and organizations should strive to protect their internal data and client information as much as possible.