Each week it appears that there is another major data breach affecting millions of people. One would assume that if you are doing business in the U.S., you should expect that some unknown nefarious party will steal your data. Unfortunately, this is not something that a consumer can do much about, as they have no say in how an organization protects its infrastructure. However, a consumer can choose how they react once they realize that their data has been breached. Consumers can immediately change their passwords upon finding out that they have been compromised.
Additionally, individuals should use strong passwords and set up two-factor authentication. This strong authentication can be in the form of a password and a token. If two-factor authentication is not available, then perhaps increasing the number of passwords or PINs required before gaining entry into an account is necessary. These are all measures to enhance security from the user’s side. However, none of them will do any good if the organization fails to encrypt the passwords and stores them in plain text.
For those that use cloud services, encrypting files before uploading them will provide another layer of security in the event of a compromise. Using encryption for sensitive emails, hashing for integrity, and proper key management allows for secure communication: even if a third party gets hold of the messages, they are all encrypted. If the key is compromised, then one can issue a key revocation, or the key used expires soon after.
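The integrity and key-management half of that advice can be sketched as follows. This is an added example, not code from the original article: it uses a keyed hash (HMAC-SHA256) as the integrity check and a hypothetical in-memory `KeyStore` whose `issue`, `revoke`, `tag` and `verify` names are assumptions; the encryption step is not shown.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Key:
    secret: bytes
    expires_at: float  # Unix time; the key is refused from this moment on


@dataclass
class KeyStore:  # hypothetical in-memory store, for illustration only
    keys: dict = field(default_factory=dict)
    revoked: set = field(default_factory=set)

    def issue(self, key_id, now, lifetime_s):
        self.keys[key_id] = Key(secrets.token_bytes(32), now + lifetime_s)

    def revoke(self, key_id):
        self.revoked.add(key_id)

    def usable(self, key_id, now):
        key = self.keys.get(key_id)
        if key is None or key_id in self.revoked or now >= key.expires_at:
            return None
        return key


def tag(store, key_id, data, now):
    """Compute the integrity tag to store or send next to the data."""
    key = store.usable(key_id, now)
    if key is None:
        raise ValueError("key is unknown, revoked or expired")
    return hmac.new(key.secret, data, hashlib.sha256).hexdigest()


def verify(store, key_id, data, tag_hex, now):
    """Return 'ok', 'tampered', or 'key-rejected' (revoked or expired key)."""
    key = store.usable(key_id, now)
    if key is None:
        return "key-rejected"  # a leaked key could forge tags, so trust nothing
    expected = hmac.new(key.secret, data, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many characters matched
    return "ok" if hmac.compare_digest(expected, tag_hex) else "tampered"


if __name__ == "__main__":
    store = KeyStore()
    store.issue("k1", now=1000.0, lifetime_s=3600)
    t = tag(store, "k1", b"constructed sample file", now=1000.0)
    print(verify(store, "k1", b"constructed sample file", t, now=1500.0))
```

Data tagged under a key that has since expired or been revoked is rejected here, so such data would need to be re-tagged under a fresh key before the old one lapses.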
What fraud and data breach protection mean for an organization is that it has to be better prepared for the ever-changing landscape. This means being able to get the talent needed to execute security plans that are designed to keep an organization safe. This is difficult with over 300,000 open cybersecurity requisitions identified by CyberSeek. Organizations have to develop baselines, and using guidelines from the National Institute of Standards and Technology (NIST) is a good start. For device hardening, the Security Technical Implementation Guides (STIGs) developed by the Defense Information Systems Agency (DISA) can be utilized before deploying items within the enterprise.
However, the new challenges surrounding hyperconnected devices and complex systems make the above guidance a prerequisite for running an enterprise. The newer concepts include embedded systems, Internet of Things (IoT), and emerging technological concepts such as Artificial Intelligence (AI). As these systems are being implemented by organizations to increase efficiency and sharing of data, there is a greater need for cybersecurity. Recent news has shown that companies such as Facebook not only have more data on people, but are more of an intelligence agency. This revealing news displays the lengths to which privacy and trust were taken advantage of.
A significant issue with these hyperconnected devices is the amount of information that is being shared across platforms: Global Positioning System (GPS) tags, camera data, email contents, phone contacts, and much more. With systems being regularly breached, the contents that are so freely shared allow fraud to occur with ease. Nefarious actors get a level of detail that once only an intelligence agency would be thought to have. Thus organizations must take data breaches seriously and perform the necessary steps to deter and detect this action.