The growth in cyberattacks is all too familiar. Hackers use their devious skills to acquire financial and personal information with the unwitting victim’s data either being sold or used to commit fraud or make purchases.
John McLoughlin, MD, J2 Software, says that the growth in rewards programme fraud has provided a new method for criminals to take advantage of data breaches.
“Free and all too easy access to victims’ data is a growing trend,” he said.
“Rewards programmes are a ripe picking ground for cyber crooks because they are often less secure, with users having a more blasé attitude to security matters on these sites as they think they are only safeguarding ‘points’. These sites normally do not have credit card transactions, meaning that compliance codes do not apply. Many of these systems do not even have an option for two-factor authentication.”
McLoughlin says that compromised, stolen or breached credentials are used to book holidays, free flights or exchange loyalty points for goods.
“The attack vectors are vast and the truth is that our only way to prevent damage is to be both proactive and defensive,” he said.
“We have no choice but to be both attackers and defenders.”
J2 Software’s strategy to address the problem is to make their teams both part of the build-up and the clean-up crew.
“Cyber resilience and the ability to respond are no longer nice-to-have assets – they are crucial in a world where cyber threats are growing and those with ill intent are using everything at their disposal to take advantage,” said McLoughlin.
“It is important to provide a multi-tiered, multi-layered, deep defence approach and take advantage of everything at one’s disposal to fend off the unrelenting attacks. This must include our systems and, importantly, our people. This is then augmented by adding continuous monitoring of activity, access and compromise.
“Corporate enterprises need to remember that almost every computer-literate person uses the same password for everything, or with a very small change of a character or number between systems. A relative’s birthdate, child’s name or similar is used as a login criterion on so many online and network systems. Even with the greatest intent in the world, a single compromise or breach in a third-party system makes sure this is now accessible to the rest of the world.”
McLoughlin says it is not sufficient to simply monitor access into and out of corporate networks or user activity.
“There is a vast hyper-connected world that stretches beyond all borders,” he said.