ID theft is definitely big business these days as cyber criminals enjoy ill-gotten gains at the expense of unsuspecting people who all too often do too little to protect themselves.
But perhaps even more disconcerting than the ID theft problem is the fact that one solution – mobile security awareness – is all too often overlooked. And, to be sure, mobile security awareness can help to prevent ID theft, which occurs when someone accesses another’s personal data and then pretends to be that person to potentially apply for credit cards or loans.
Consider these statistics from IdentityTheft.info, for instance: About 15 million people residing in the U.S. are victimized by ID theft annually with financial losses adding up to some $50 billion. The site adds that around 7% of U.S. adults face ID theft issues with each occurrence racking up losses of $3,500. What’s more, nearly 100 million more Americans have their personal data subject to ID theft risks annually when records in corporate and government databases are either stolen or lost.
One sector that has seen its fair share of data breaches is the healthcare industry, according to Rick Kam, president and co-founder of ID Experts. His Portland, Oregon-based company provides innovative software and services to organizations for managing cyber risks and data breaches, and to consumers to protect and restore their identities after identity theft.
“If data security professionals, IT professionals take their eye off the ball on mobile security, I think…there’ll be a rude awakening because if you think about where the threats are occurring in the healthcare sector over the last year, it’s basically…healthcare information being stolen and exploited just because of its value on the black market on the dark web,” says Kam. “And it’s not only healthcare, but it’s companies like Sony and Target and others that are being targeted with malware.”
ID Experts works quite a bit with Ponemon Institute, which conducts independent research on privacy, data protection and information security policy. The organization’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, published in May 2015 and sponsored by ID Experts, shows that more mobile security awareness – or perhaps more focus on exercising best practices that are already widely known – is needed.
The study provides an eye-watering account of some shortcomings that are leading to ID theft opportunities for cyber criminals.
According to the executive summary of the study, most healthcare entities represented in the study have been on the receiving end of numerous security incidents and almost all have experienced a data breach. What the study finds is that many organizations, despite the fact that data breach risks are well known, have insufficient financial resources to safeguard patient information and are therefore unprepared to adequately cope with cyber threat issues.
The executive summary adds, among other things, that data breach issues in the healthcare space continue to put the personal information of patients at risk. The study finds that data breaches could be costing the healthcare sector some $6 billion. It explains that in excess of 90% of healthcare entities represented in the study experienced a data breach, and 40% experienced north of five data breaches over the last 24 months. Moreover, the study finds that the average cost stemming from data breach incidents at healthcare organizations is estimated to be over $2.1 million.
According to the executive summary, for the first time, the top cause of data breaches in the healthcare sector is criminal attacks. In fact, such attacks climbed 125% compared to five years back.
Are IT Departments At Fault?
Asked whether IT departments are up to the challenge of going toe-to-toe with cyber criminals, Kam says that IT departments are trying their best but are nonetheless struggling.
“I think the traditional IT departments…are being overwhelmed,” says Kam. “They’re putting up a good fight. But because of the high value of the data in the black market and the sophistication of the tools that are being made available in the black market, essentially traditional IT organizations don’t stand a chance.”
Kam was one of the speakers on a security panel a couple of months back in Seattle when he heard something that caught his attention. The CISO of the University of Washington said that today’s environment is such that companies have to assume that they’ve been breached rather than merely concentrate on security endpoints, device encryption and password policies.
“If an organization continues to try to defend the endpoints, they may be missing the fact that they’ve already been breached,” says Kam, recounting what he heard at the event. “Organizations are starting to, instead of spending money and resources on trying to add more anti-malware systems or virus systems into the perimeters, what they should be doing is looking to see if they’ve been breached.”
Should they find that they have indeed been breached, organizations should, says Kam, solve that issue first before focusing on the measures to keep cyber criminals away.
How To Fix The Problem?
The aforementioned Ponemon study notes that innovative solutions are needed to help organizations to address two root causes of security incidents and data breaches. Those happen to be employee negligence and hackers.
When it comes to the former, thorough training and awareness programs are needed, and organizations that are serious about avoiding data breaches will pay heed to the call to equip their workers with the knowledge they need to keep personal data out of the wrong hands.