Study Tackles Employees' Criminal Misuse Of Stolen Identities -- Security Today

Study Tackles Employees' Criminal Misuse Of Stolen Identities

Aug 01, 2008

ID Analytics Inc. recently released the results of its internal data theft study which provides an analysis of the criminal behavior patterns associated with the misuse of identities stolen from the workplace by employees. The study's findings also provide a better understanding of the harm resulting from an internal versus external data breach.

Organizations routinely invest significant resources to ensure the security of confidential customer and employee information such as home address, Social Security number, and date of birth. In addition to perimeter security, common internal security measures include employee education programs, data access monitoring, and strict policies regarding use of USB ports and portable devices.

However, intentional data theft and unintentional data loss by authorized employees continue to be the most common sources of data breaches. Organizations struggle with the threat of the "human element" -- employees with access to a company's most valuable information. Furthermore, to date, little has been done to study and understand how stolen data is exploited once it leaves an organization.

ID Analytics' study, Analysis of Internal Data Theft, sought to expose how, where and when employees misuse data stolen from the workplace. The research examined more than a dozen incidents of internal data theft involving more than five million identities from consumer and employee files across organizations in the government, education, and commercial sectors.

Of these, eight incidents ultimately led to more than 1,300 cases of attempted fraud targeting bank card, retail card and wireless providers. Using Advanced Analytics to identify suspicious or anomalous activity, the research uncovered associations between transactions and patterns of criminal behavior after data theft had taken place.

Key findings from the study include:

In the analysis of the eight internal data breaches where harm was found, organized misuse ranged from 3 percent (data leak caused by mishandling data) to 36 percent (targeted employee data theft) of the identities stolen.
The identities associated with these internal incidents were up to 24 times more likely be misused than the average U.S. consumer identity.
Misuse of the stolen identities occurred in remarkably close proximity to the site of the internal data theft. Fraudulent activity relating to each incident of internal data theft took place within 20 miles of the source, indicating that the stolen identities had not been sold or distributed on a national level.
Fraudulent activity reflected a significant increase in attempts to acquire wireless phones. Of the 1,300 cases of attempted fraud, 69 percent targeted the wireless industry.
Identities involved in internal data theft were misused in similar patterns to those taken via external attacks in terms of period of use and using the Internet to commit fraud. Most of the stolen identities in the study were used very briefly -- over a period of two weeks.
The internal theft activities also focused mainly on online channels. In five of the eight internal data breach cases, 80 percent of the fraudulent application activity was online.

"In today's data rich environment, organizations continue to struggle with the human element at the heart of data security," said Mike Cook, co-founder and chief operating officer, ID Analytics, Inc. "Companies should be on the alert for what may be the biggest security threat to their customers-employees with access to sensitive customer data. Given the balance between the need to grant employees access to information to complete their job functions and the need to protect sensitive customer data, we encourage companies to implement strategies that increase visibility and reduce the risk of data loss."

National Monitoring Center Secures Updated TMA Installation Quality (IQ) Certification
04/24/2024
PSA TEC 2024 Runs May 13-17 in Dallas
04/24/2024
Hanwha Vision Announces Support for Genetec Security Center SaaS Unified Solution
04/24/2024
ISC West 2024 Welcomed More Than 29,000 Attendees
04/17/2024
Evolon Introduces AI-Powered Video Monitoring Service 
04/17/2024
Resideo to Acquire Snap One to Expand Presence in Smart Living Products and Distribution
04/15/2024
Allegion US Features Interoperability, Mobile Credentials and More at ISC West
04/10/2024
Altronix Showcases Products to Protect Critical Infrastructure at ISC West
04/10/2024

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
New Research Shows a Continuing Increase in Ransomware Victims

GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now
- Cybersecurity
OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now
- Cybersecurity
Getting in Someone’s Face

There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology, Arcules, ZeroEyes

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Arcules

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Genetec

How to Modernize Your Existing Security Systems Using Hybrid-Cloud
Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room

New Products

4K Video Decoder

3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3